Analysis

  • max time kernel
    150s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    17-06-2024 08:55

General

  • Target

    6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe

  • Size

    97KB

  • MD5

    6e6abe0ed3fa07d643bba842ce383060

  • SHA1

    f1afef4b06d887b21a69e7e2ed0ac6aeebdc9155

  • SHA256

    e7a1606cae998e23061f56b693534ecd48a3ac4cf13e732c6f329f6bad257040

  • SHA512

    6af43d771247e8a0d8c4b511756ac18ed8f36135f4d0522112c10a23bf9eb0291997767468a1027b75a4ad6288f3456973902e8407234b20eab11bee8658a952

  • SSDEEP

    1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/DMQBr:6e7WpMaxeb0CYJ97lEYNR73e+eKZ/Br

Score
9/10

Malware Config

Signatures

  • Renames multiple (5130) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6e6abe0ed3fa07d643bba842ce383060_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1356

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

    Filesize

    97KB

    MD5

    1ed3266e3cb1791091bb9e094f805ce3

    SHA1

    a01f3459286c80289d80d413aefe6e356695c2ec

    SHA256

    47bfa204ced62e3b037bc2940b1c4b23d60b0693fe93e0f0d5eec2bf35ded368

    SHA512

    006755ca05b83764f4c74f1a0644f7d26699a01e72e872d08a4dccf314545f23f794f8601b0feb9e6af9b2fe4657200997f4b525fbe2e6dd3666b994e7d10fbe

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    196KB

    MD5

    ae3c5f9aea6d057b1b6965b26ccbe78c

    SHA1

    55784c9cfbc9ba443b93a27f091b8a8d96ca6799

    SHA256

    e1d33e6038169cb26fed5f7becc7f34963d055b6f4ffdd90c26d05082fbee30f

    SHA512

    cad3548ca064df0c44660879fba07ff7cbb51473d26aa40a1a0cfd6af2d5a4ffcf13dfa92df21e654ad9da3fd3d138ef252b0c02b77761955d4a05c04ec529ac