Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/06/2024, 03:17

General

  • Target

    2db675951dc7df54ca5e94b8b54d130af430304fd5e87f30ef8492d65f3a67d9_NeikiAnalytics.exe

  • Size

    68KB

  • MD5

    fb4c984bb49271ab047e1b4dcc8b5bb0

  • SHA1

    d49e34c25366022bbe10282aa242dc41d25b96ba

  • SHA256

    2db675951dc7df54ca5e94b8b54d130af430304fd5e87f30ef8492d65f3a67d9

  • SHA512

    dd3bcfe855b4736692aad7f19eb6d1e0385a9f5c68a45e027a47eb1d412ea562585c979b68302a75b02f84f5c5d2ea5ddad8547da64763033373e5cd248ca063

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8MZ:fnyiQSoD

Score
9/10

Malware Config

Signatures

  • Renames multiple (5216) files with added filename extension

    This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each one.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2db675951dc7df54ca5e94b8b54d130af430304fd5e87f30ef8492d65f3a67d9_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\2db675951dc7df54ca5e94b8b54d130af430304fd5e87f30ef8492d65f3a67d9_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2452
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4456,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:8
    1⤵
    PID:2456

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

    Filesize
    68KB

    MD5
    14a8f7270853f01dc1306369558c8d8c

    SHA1
    039916694d6ec5e18a8874068cb0af38e8401338

    SHA256
    bdb9d502b3ac98d224d1e1351b9e84d210b095608d720e09c5cc2732c7467139

    SHA512
    8399062aa2489bf20d9a7b98caf536eb86f10bd491a3650ac455838445caf628ad2bbeed8d6789c6cf4561b3729bae38d11dedcba370400188c680a1c80c64c0

  • C:\Program Files\7-Zip\7-zip.chm.tmp

    Filesize
    180KB

    MD5
    1b4546ef7bc9c3638c4df059559847cf

    SHA1
    d788a07967d9db836e2428ffb8235e48c8f58c87

    SHA256
    6ab5abe4ed930199a0a7593df8a8e06e57f5814d2d5a679757742985e3235ea9

    SHA512
    09d2a88eaed4503436f9a9183229c100f076981e78e77dc6130abf2ee1dc452d73f35bbaed63e5c2da3e3b1011e4b9be25cda49f462f707d8e1543407ce10ec3

  • memory/2452-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize
    44KB

  • memory/2452-1919-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize
    44KB