Analysis

  • max time kernel: 151s
  • max time network: 158s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240226-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 17-06-2024 06:52

General

  • Target: 5d162b7afe6cc12b5497bb7e1366c7f0_NeikiAnalytics.exe
  • Size: 90KB
  • MD5: 5d162b7afe6cc12b5497bb7e1366c7f0
  • SHA1: 5a04b3c3ad9382461409ac6c654a7d9f30020a05
  • SHA256: fe2140b01839570b839b558515b05d662d3cc9cac87b3663f36553a9d55eafc5
  • SHA512: 03ac17441c363315aebd180c8af99add5f88433eb3251aa248ab80ebc9a0270c299fc38862b2aff2f13e1a5334346ef511c795b0e403b65633785ad99db90dc7
  • SSDEEP: 1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8FwQ/4mCB:fnyiQSoywQ/4mCB

Score: 9/10

Malware Config

Signatures

  • Renames multiple (1296) files with added filename extension
    This suggests ransomware activity of encrypting all the files on the system.
  • UPX packed file (4 IoCs)
    Detects executables packed with UPX/modified UPX open source packer.
  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\5d162b7afe6cc12b5497bb7e1366c7f0_NeikiAnalytics.exe (PID 4176)
    Command line: "C:\Users\Admin\AppData\Local\Temp\5d162b7afe6cc12b5497bb7e1366c7f0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3984)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp
    Filesize: 90KB
    MD5: 1024bcf23ade26cf3f42a047545a80a3
    SHA1: 675a295f6692350b6881a635000d424481159626
    SHA256: f826243160878555a7623c504eed5ed8fafe010aeaef5f19f34aaf801d431a21
    SHA512: 73cae1762f96d2f06fc72c02c42ba1fac8eedeb8bbdd0ba5420d36c96642b42b2902a07b494c08fab0d5bb9f491c3998d622a7580188ed3443070613b7aaf36e
  • C:\libsmartscreen.dll.tmp
    Filesize: 90KB
    MD5: d00dd9ca38f2908f7286f061102697c8
    SHA1: 06ffea3e7abd8df2dd4489f2f19a1d6efd562a0f
    SHA256: 4478ecc7ef7a3f09f749ea634127982878219d344cfb0853647529277d82c509
    SHA512: a2c2a99ce58e6b58553d24a73a0c5781fb2aac80666836f1f1b706c7b49d1f341d2b727218905972f20cb42b081b34ee2b41e42955a2b83226b1579e34bfdf3c
  • memory/4176-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB
  • memory/4176-418-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB