Analysis

  • max time kernel
    149s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17-06-2024 08:37

General

  • Target

    6bb787327aa6b860121aaddcb311fea0_NeikiAnalytics.exe

  • Size

    50KB

  • MD5

    6bb787327aa6b860121aaddcb311fea0

  • SHA1

    32d15ad3f5f3494e02e8f1b7f8863d1914215b24

  • SHA256

    9013f1d436e516b7f601a62a8db8d13d309f1faff914449a5ebd617b2bf2c132

  • SHA512

    a24295bfd08742e1244b2e4e4acec9da95bffe369071e4207c9c36a7d210b3066209a6cbc9b813fcfc6783680da3b750c19e2bc288d9768615c56bd0e6089d2f

  • SSDEEP

    384:GBt7Br5xjL9AgA71FbhvuNBNh9CcdS0AqN6WCcdS0AqN654IZF7+YIZF7+vQK:W7BlpppARFbhgCqCi7Y7/

Score
9/10

Malware Config

Signatures

  • Renames multiple (5189) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6bb787327aa6b860121aaddcb311fea0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6bb787327aa6b860121aaddcb311fea0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3756

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini.tmp

    Filesize

    51KB

    MD5

    7b68b317254e2fe5a987dfad0e854427

    SHA1

    c6ee831d9e1862849c2ddd3d44b1f6925730c09d

    SHA256

    8cec90a3f935115bfd0ddb115ebe04afa93cfa891ea8651d028e1e4e958bb1d3

    SHA512

    baf4688db323b0b2a877bb852c4ea322a7ea9b64c644f7d7ac9e2b4d58266276bec6af267ad6943c8e15f9296500fba3a70745dff08c7f185439d1e4853ddf51

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    149KB

    MD5

    1f3868cd6c2a02205f1964e5e2ce0c04

    SHA1

    43033e3bbf462aa6afc2f5fe066265d6be3afe9f

    SHA256

    412c7885feadf7a246313f1ed6e0ca9d2a67acd177252ff1f04aa216010459cb

    SHA512

    d1bf7ba0985129bd0cc491fe376a2ad46e4831dc74666217b04fd72466b263838bbd2fba0d02dfdeb5644d98de515a7258c49ce25a7ebfe840ad411371f7149b