Analysis

  • max time kernel
    149s
  • max time network
    52s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17-06-2024 06:49

General

  • Target

    5cde2bca4687b28bf389948f6944a540_NeikiAnalytics.exe

  • Size

    82KB

  • MD5

    5cde2bca4687b28bf389948f6944a540

  • SHA1

    69c234ac6d82b3ddefe2b39174b87e07e1750368

  • SHA256

    8df5aa50574578a37863f41b1fba422529bfac71eccf326e32e35c4c410361ac

  • SHA512

    900f0ada5e3abdd055f6a184e26f0baf0375e4096925f77c9aec74ab06cdd7f7ffbb567a7039be0b5b8ba7eb7b42d5b1632cf033276fa8038eb6af93115742e5

  • SSDEEP

    768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJPwF9hHMZIa9hHe:W7ZDpApYbWjIlE77ufL2e+efZwZavC

Score
9/10

Malware Config

Signatures

  • Renames multiple (5187) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\5cde2bca4687b28bf389948f6944a540_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5cde2bca4687b28bf389948f6944a540_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:5016

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

    Filesize

    82KB

    MD5

    7d913978cedccc008224a3e6bed2febc

    SHA1

    d4610ac1171a06590f41563fa12f6b3878c22348

    SHA256

    c400cb2e1d7adea4b7635503faf6afada732390db418df3a86ebc34a052d7599

    SHA512

    ba161984d115276f0a03c15ece8e3e38c29eb427317ecd6ce566866963fa745e122583d0848453d3e2ef6ccd944d2fa8f0e9e5e65b4fd004a42643b89060c52d

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    181KB

    MD5

    6ba7361dbe9d9685971c6d9f5eb23cfd

    SHA1

    4dc747d3a98a2340a78562fdb24e0df2e4c89462

    SHA256

    eef7bf1cc030c8c05cb916217c807ccb10da8d0d06ae9d3d11b0cdef12211463

    SHA512

    e1583294c23e90f44dffc331c2831a51f6f82ed349f1f9488c10775d3b638b808b03308c3abef2aa790404ac77d5ed591f41bd61e07cf84b44330fd1264cce11