Overview

overview

9

Static

static

7

3b31df7f29...cs.exe

windows7-x64

9

3b31df7f29...cs.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/06/2024, 04:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe

  • Size

    72KB

  • MD5

    48ba8d9fe0ac42cd90f38077d1e15610

  • SHA1

    8abaef09718f486974db5530fddc1fe61fd04818

  • SHA256

    3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13

  • SHA512

    b329d6bcdefdf0a71ee2ed224ecf62ee609bcc512df82ee92fa527b2668bd17d5a2003a16d73ee667b9c21f00230bcca86a7ffb18af0427db40cbbd546e9aae3

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8IZv:fnyiQSo7Zv

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (1723) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3708
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3752 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2372

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp
            Filesize

            72KB

            MD5

            c39be482c7ee06855e8ede7ac012783e

            SHA1

            9c890c1b6f591dfcc7cb0718287789e283998c93

            SHA256

            3c7b69266f88c39040dfe0fad3927cf28aa2b8c8a6f317a2f3e43ac53443175d

            SHA512

            4ba39e967c3e2bca43e67a47c65b8bf1b2379ec842703b7798662e75157b5b138cc34986b706bed944169138838c83fa08df75c5536c8a1affc0b184360319dd

            Download Submit

          • C:\libsmartscreen.dll.tmp
            Filesize

            72KB

            MD5

            dcd4b6e06b6bc82b165b95b1088bfbd1

            SHA1

            c959e5644d255ca279695ae46263acf48329e09a

            SHA256

            65f3f16ed591f4733dd4fab876cdc4accae1b4c023c495c2d867e461f79bd9bf

            SHA512

            a1d204971c14f7e03423aba408e779c6c2311aba6c9f8aea70c2a427d31d17dbbd90b06e3d2e9956e9396601631610ecd74575eea04b377dcf2fb9acb8577abe

            Download Submit

          • memory/3708-0-0x0000000000400000-0x000000000040B000-memory.dmp

            Filesize

            44KB

            Download

          • memory/3708-444-0x0000000000400000-0x000000000040B000-memory.dmp

            Filesize

            44KB

            Download