Analysis

  • max time kernel
    150s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17-06-2024 08:26

General

  • Target

    6a29ac6fb7424377296e6485c8930000_NeikiAnalytics.exe

  • Size

    67KB

  • MD5

    6a29ac6fb7424377296e6485c8930000

  • SHA1

    9cd1a5ffd4a9a8fc92539faa369d095d16daa73e

  • SHA256

    9e56a1497231cda626066d47b7c54f468bbec41a5aa20f0a1d1103451dc61949

  • SHA512

    688e8b786016e5827ff52d83a68a5bd915e0a9243ab3a91119ceb4c73e6eab991233258cee713d9d1a619ae4475612a3d3a53e8e19d3cef04e5aec8db8578f3d

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8j:fnyiQSoA

Score
9/10

Signatures

  • Renames multiple (5036) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\6a29ac6fb7424377296e6485c8930000_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6a29ac6fb7424377296e6485c8930000_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:5548

Downloads

  • C:\$Recycle.Bin\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini.tmp

    Filesize

    68KB

    MD5

    10ae1b200dbd9bebb5b7900ae24176e8

    SHA1

    ad5006b5925af9a7c822154c661d10b99263c6a5

    SHA256

    3a304f6c004dff4728bea943b5bed84fb7d737b06d8de0f42ddfd21dafda94fe

    SHA512

    1c56b01678a1117c8351c151f9fba603fd0f48af96f6a924639d21d5d1efb4ba8a5dded781b32badf1f1accf40ac78e6997aaa0ff079d0dcdac1040b20136086

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    166KB

    MD5

    67f886f77de3a66346f3462fdfdaffcb

    SHA1

    2471101fcf50514c74e29f39bfcbe8ca31879548

    SHA256

    30a2b1f0a1355d88227207b20a79817da51c6c37f4111fb36247205831fb5725

    SHA512

    9f24f4f0685a2bc7f7d09d3fe0c645ada7385bc56cc1fdfeb53a06f8c7bdd6b52d5a0b2e541a521e3da5f29145912ff4f5e065c14c613817078e6e40e8441a3e

  • memory/5548-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/5548-1798-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB