Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17-06-2024 07:31

General

  • Target

    6205543a6e5099fa0ef92529861d3300_NeikiAnalytics.exe

  • Size

    435KB

  • MD5

    6205543a6e5099fa0ef92529861d3300

  • SHA1

    066b8bb23e78c65af86f44a6e8dc057a6f92f03f

  • SHA256

    12f7a6aa796a8f13c5842fc7f160643692d55765a3f2956362b5d4822ea62dd7

  • SHA512

    1fd517a47120da3fe8f4d79293f80e2f10f696d2a4c8b09798bbfc86aa8c39d999985e79560271055d221a649862b4762ee6645fe5179fb4fd8f507f9cb30e96

  • SSDEEP

    6144:KiQSodvy5yOZZZZjqYWI75NLIZKcuBHZZZDGmmmml6RqSWOEmmm5NoBmmmmmSDyk:VQtbOLEgqaei2ZPr2Iya

Score
9/10

Malware Config

Signatures

  • Renames multiple (3956) files with added filename extension

    This suggests ransomware activity: the sample is encrypting the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\6205543a6e5099fa0ef92529861d3300_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6205543a6e5099fa0ef92529861d3300_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:3628

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp

    Filesize

    436KB

    MD5

    b18fba1a3057943631acec46daca9ffa

    SHA1

    473f502cefaa1c54babf5044d203c325fe9c9861

    SHA256

    341ca87c230da2e920f786762e186b06473e498e29059da5facc583621f34d60

    SHA512

    56927aac47ceb7196648f73e05b4567ec068474ab05493d52380653b30b221e22ace10af29178b36153dcfa92ea155fed7b655b99e88619f3214faf9cb695826

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    534KB

    MD5

    5fc64623bd28c767ac3148541d6a9a21

    SHA1

    9ed43579aeb8d61bc18f5b1bfad939281c2821b2

    SHA256

    3d6066d80a44fc1780fb82c3b86fcf19a86f88ff0ece6911705ef576859551a9

    SHA512

    c5d1d3fadbc03fb49614d1b174d08065deffed8387799e673a43ce67b7abce73bbe95b4e909703bda2b5b1532690e4450c7811c3b209a60c2a1d803ecba4a55e

  • memory/3628-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3628-1370-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB