Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-06-2024 08:55

General

  • Target

    6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe

  • Size

    97KB

  • MD5

    6e6abe0ed3fa07d643bba842ce383060

  • SHA1

    f1afef4b06d887b21a69e7e2ed0ac6aeebdc9155

  • SHA256

    e7a1606cae998e23061f56b693534ecd48a3ac4cf13e732c6f329f6bad257040

  • SHA512

    6af43d771247e8a0d8c4b511756ac18ed8f36135f4d0522112c10a23bf9eb0291997767468a1027b75a4ad6288f3456973902e8407234b20eab11bee8658a952

  • SSDEEP

    1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/DMQBr:6e7WpMaxeb0CYJ97lEYNR73e+eKZ/Br

Score
9/10

Malware Config

Signatures

  • Renames multiple (3447) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2520

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

    Filesize

    97KB

    MD5

    4cd6ab2e4d49efddcda9e133a86d409a

    SHA1

    3dfb1451580ff851014441fec9f3d97b256b96b5

    SHA256

    50ae3c289a5d7d8cdb97a303c03725ab4b2eb8a5e86d96e55780467fda39d224

    SHA512

    b24b154b598ac1fc9eb6b4dd0fa49236d5bf3512c73b805893a96a81fa298576ba8fedddc2166b8c45f85faee2aba87c397b75d40ba77032fed9c09850e2d55c

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    106KB

    MD5

    dcb3768897e0bf96c6fb59a41606026b

    SHA1

    2d0e80e6e0e8918c6b5bc3dfd13504dc9a387413

    SHA256

    ca9a52c86afba0d0a8e9dee85e9761635f0488baa8afed73badfc3a2ef4c9787

    SHA512

    76f7e56b057bdb428496bbbda6c67f326c98784f40f4f9cab20e0873c586730250ecd1016aa08396f39349a08f996908c7bdfddf350055cecb0372bff3701395