Analysis

  • max time kernel
    150s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29-06-2024 15:37

General

  • Target

    b17fa9c4b4ad1620d119522f638bb5f097b9fa90a1d15d7ffe09a624507fe223_NeikiAnalytics.exe

  • Size

    75KB

  • MD5

    899cf5792afff9d0715ad989554a0e00

  • SHA1

    bbfa5d8b8c53e8ca468b57d68d5ce42e73ae32a9

  • SHA256

    b17fa9c4b4ad1620d119522f638bb5f097b9fa90a1d15d7ffe09a624507fe223

  • SHA512

    f285d8e5febe0c10891ddce1ba0219a23595bdb091bb622eccf3c495a9ae08704413de94906a6ff2c8272b3040864cdd04c36e49ea9ad0c759d138db9992dc3e

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8e1A:fnyiQSoR1A

Score
9/10

Malware Config

Signatures

  • Renames multiple (5058) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\b17fa9c4b4ad1620d119522f638bb5f097b9fa90a1d15d7ffe09a624507fe223_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b17fa9c4b4ad1620d119522f638bb5f097b9fa90a1d15d7ffe09a624507fe223_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:1904

Network

MITRE ATT&CK Matrix


Downloads

  • C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

    Filesize

    75KB

    MD5

    507acd1cda055e97b26748762efb3d49

    SHA1

    71894d88033c961029642ec37c91a03e44f85217

    SHA256

    846df8f5c66e0ace840d07b464c2f8df5c6b009d040a4773d2f0d5a0243beb78

    SHA512

    e0386f4765de91466eef7a74207099b8248cd9789413db072f77c54453fc1c5655a6e8b5a4782f348e0529b92b38816318b787f79f55cf009e3bb25871eeb4ec

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    174KB

    MD5

    f4cf1e4b9ef6a8cb216746e2e32f2e52

    SHA1

    0a06a0ed99c54bd4c9046fd42713d0f79fb3014e

    SHA256

    c94fad8bdc700ac96a3d7b2acb46bbc7cdf2325f7ad52d3c9ae1c852f696216a

    SHA512

    7270f5ca7754232f51eb34219d1c0e2f94b804eb03f572dd85525785ca8d34bca9e781cc44f2891e33b58ad1f6f805767045cb4b47294ab4174a2b61c711a400

  • memory/1904-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1904-1796-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB