Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-06-2024 08:31

General

  • Target

    6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe

  • Size

    68KB

  • MD5

    6abe45503245f75617535b6b3af0cb50

  • SHA1

    efe0c9486fd3f2b7da76dac1cda6abfed5f57a39

  • SHA256

    3927d414c049e273f46d16d926b1a79f90a2b33b47c9273e63b334a47f542c59

  • SHA512

    2ae4fe19189d4f29b6b3b81dc4f2c6b5ad426912cc033a1b9d99037967198bf8e2e1c34d032f26c1a69f575c4183add7993effda5ee58a9246ab5dd083c0654d

  • SSDEEP

    768:a7BlpyqaFAK65eCv+cIA0fm7Nm0CAbLg++PJHJzIWD4adZdhAIuZAIuniXk4j:a7ZyqaFAlsr1++PJHJXFAIuZAIuz4j

Score
9/10

Malware Config

Signatures

  • Renames multiple (3493) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe"
    PID: 1656
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

    Filesize

    69KB

    MD5

    11cde4ee9734086ed72b9cd26eb27d0e

    SHA1

    7c7bad9e2e8b850779e0535aa45516b390e7ed69

    SHA256

    d2b2d859723849db624ae00c623864f2a298672f572e8a0f52f246a98991dca5

    SHA512

    5d9ebac37123467f596a0b8015fa0d8fb3e3556e6dacc1c31fd57006665bec3aba27859aeec172a9fa8b5122f77572bdb1358bbff6b3830c15612096823f9edf

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    77KB

    MD5

    a0ea7a60e20fd734b404736b3fb19612

    SHA1

    e323e77ed3691a6f3b6cab5f833ebcea40053525

    SHA256

    905a0490450879a085db20b6885ece0458b1399149f74c625b3d654251c4e683

    SHA512

    0d6c64d2b205e1b660124e2372a141753def65a214d65a925d682acaec53d6ba26546a97f7d347e918f320f1718fa4a901cc9bce80c262d325012b8aaa0864bb

  • memory/1656-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1656-646-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB