Overview

overview

9

Static

static

7

640d885a5b...cs.exe

windows7-x64

9

640d885a5b...cs.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/06/2024, 04:37

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    640d885a5be1fa7d96b47436fe8334016909d72077dbda0a966f8d3c15429106_NeikiAnalytics.exe

  • Size

    74KB

  • MD5

    6007c627763f222d75a22cfa35592b90

  • SHA1

    a29fc25705fc1f4002b6ff7863fbecead4ec273a

  • SHA256

    640d885a5be1fa7d96b47436fe8334016909d72077dbda0a966f8d3c15429106

  • SHA512

    a246fee8a6ec26036a42a0aeab4fdc0e9cdda5f196a7ce40d44019579c1dc6878c118e6ab1fe100bd74823f5257f613f83e8cb227a96f2e462ece0bc23f68c82

  • SSDEEP

    1536:67Zf/FAxTWY1++PJHJXA/OsIZBX5WX5tWIW9z0Mz0t:+nyi4Mef9z0Mz0t

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (5267) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\640d885a5be1fa7d96b47436fe8334016909d72077dbda0a966f8d3c15429106_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\640d885a5be1fa7d96b47436fe8334016909d72077dbda0a966f8d3c15429106_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:224

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp
          Filesize

          74KB

          MD5

          787a2cc43e1cde714ef8c418183923a4

          SHA1

          d9c64e3ce98788635b2dcabf04d83bf2a032105e

          SHA256

          b30b8cfc3958fbe24c5f79ae54d926c4c44569b7b88e4559cb9a3e1a83ba8316

          SHA512

          47e8faced8883a01e6978418eb1a54a358577ff2a8f87a053e114ae34f4390877ef6596e93a478fce2850b5de47d2f5c2770a805e5600c7d02e4887e4dbbcc7d

          Download Submit

        • C:\Program Files\7-Zip\7-zip.dll.tmp
          Filesize

          173KB

          MD5

          d0862c64c8ee2922625ae497767d0e27

          SHA1

          26c0dcbfef2182f70e56c1562609432183aaa44c

          SHA256

          59a07c71bc1bedebb9907bd37b617552b9296103b004d1edde27a314514ce512

          SHA512

          99b75c5bdd5123ac37aecf0a03dad53667dd2e5a1cc5b1335bcc5e8dbab3806d0d9410ba4ada80a3589b5aee94b6fc523b091d1b08df75b0bbff4885000d864c

          Download Submit

        • memory/224-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

          Download

        • memory/224-1952-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

          Download