Analysis

  • max time kernel: 150s
  • max time network: 118s
  • platform: windows7_x64
  • resource: win7-20240611-en
  • resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted: 17-06-2024 08:24

General

  • Target: 69eca288dd055233d9d421416e3264d0_NeikiAnalytics.exe
  • Size: 46KB
  • MD5: 69eca288dd055233d9d421416e3264d0
  • SHA1: 386e7180aea80972fcf91d8f68399cfd874ffdb7
  • SHA256: 9a5e287d6479da9336969bc8119f5c1c46cc6e379034c305ce734ec002a9e803
  • SHA512: bbde4762f6f31db4609deca9f31e7f0c09fa1394fd41cc91df1cd88fe9ea61c66b4fec938e6749c5103afd5116d4e4be2134fa99395249de8a3c8dfc16a3a34a
  • SSDEEP: 768:W7BlpNLpARFbhblkYlkuvIYFdrtf8WUtf8WL:W7ZNLpApCZuvIYXOWjWL

Score
9/10

Malware Config

Signatures

  • Renames multiple (3532) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\69eca288dd055233d9d421416e3264d0_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\69eca288dd055233d9d421416e3264d0_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID: 2432

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp
    Filesize: 47KB
    MD5: c6032121a029b692e631c59fe413b197
    SHA1: df8df51a643d372ec6721a8778d72a96dbd9450b
    SHA256: 575a5da5b5f565b8c3bc9c6dbf806a9295bdf9f747b6d63f00159fa02df59a48
    SHA512: a757428438c146d4a7cd1950c8da33d111076eb9120ad2d919680c2c20411da0c707d49a1f91207e8e585d38a84dd90da9a54c377bd366c807063e1bae61f5b1

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 56KB
    MD5: 17b7d38928d4ffee66a031d1f3645403
    SHA1: 80bf150e596a34a292a40ac3f68448dd2e01eccf
    SHA256: c254584a07bee842c828ec7dc1c7bfb628bb24626b613bf0426d7c005c80f952
    SHA512: a5c72d257bff179c2453410eebd79a08a817f70da9ade372973bd9c62bba27fd0a2d1f4348969ac5c70ced9b7cec664a15d92fff5332769b83f6f75697be1113