Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-06-2024 07:31

General

  • Target

    6205543a6e5099fa0ef92529861d3300_NeikiAnalytics.exe

  • Size

    435KB

  • MD5

    6205543a6e5099fa0ef92529861d3300

  • SHA1

    066b8bb23e78c65af86f44a6e8dc057a6f92f03f

  • SHA256

    12f7a6aa796a8f13c5842fc7f160643692d55765a3f2956362b5d4822ea62dd7

  • SHA512

    1fd517a47120da3fe8f4d79293f80e2f10f696d2a4c8b09798bbfc86aa8c39d999985e79560271055d221a649862b4762ee6645fe5179fb4fd8f507f9cb30e96

  • SSDEEP

    6144:KiQSodvy5yOZZZZjqYWI75NLIZKcuBHZZZDGmmmml6RqSWOEmmm5NoBmmmmmSDyk:VQtbOLEgqaei2ZPr2Iya

Score
9/10

Malware Config

Signatures

  • Renames multiple (2625) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\6205543a6e5099fa0ef92529861d3300_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6205543a6e5099fa0ef92529861d3300_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2188

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

    Filesize

    436KB

    MD5

    2a4d769888f9c51cd5785a61f7da778b

    SHA1

    4e953430ed3120c524536aefe9869435970402ea

    SHA256

    b1f65875b81d4ee32a6dea2d69fae79d8aaa35f62138a934b534fd82cb58fa90

    SHA512

    3c0f35aa9fb2a9ddbd160842abe1dd09f6763a2eacc73cfbaa01e92b061d96e159ea1a5e3ea82ba2b9046ccd58385574ef1b1a2353b6286b7ac7e71d520c0328

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    445KB

    MD5

    8f8c961ddef1941ff642ab1cd7ef693c

    SHA1

    e2fa0c737ff4c8a688b98b8acde3ba90f199f6f4

    SHA256

    5fbabd2385901c9a9cba2bd16706348d185476ed9625f3dd085bed6ec1d3def9

    SHA512

    f9a3961d8d83db494c41b1ff66691be44040b97233ac66979f44cd474888ef202c449a78409c24682dbffed2ff2d945d9d997b2338fddccb0e97fd22829682db

  • memory/2188-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2188-372-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB