Analysis

  • max time kernel
    151s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/07/2024, 10:02

General

  • Target

    4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe

  • Size

    66KB

  • MD5

    f3be0ce92dd8636fba8cbe372d4e8b40

  • SHA1

    5f0c1958a22da13c8b7858061ceaae257bb964e4

  • SHA256

    4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b

  • SHA512

    1db897c6e37a830154d28a8dc54811616b37494f414a1034bff1ab2d24d84d83fc2f72a38cb58e0a134e2921b9e05fb009fd132738c2800088bb57fe28a27689

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwABT37CPKKdJJxdPO9Ot6K/K2Ch:V7Zf/FAxTWoJJ0TW7JJQOEK/Kt

Score
9/10

Malware Config

Signatures

  • Renames multiple (866) files with added filename extension

    Mass renaming with an appended extension is a common ransomware pattern and suggests the sample is encrypting files across the system.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer, or with a modified UPX build (which typically renames the UPX sections to evade simple checks).

  • Drops file in Program Files directory 64 IoCs
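The two signatures above are heuristics: the UPX match is a static check on PE section names, and the rename signature is a behavioural count of files that gained an extra extension. The following Python is an added example that re-implements both over constructed inputs; it is not the sandbox's own signature code. Everything in it is assumed for illustration: `build_minimal_pe` fabricates a header-only PE32 image as test input, `SAMPLE_EVENTS` is a constructed rename log, the `.locked` extension is a placeholder (the report does not say which extension was appended), and the threshold of 50 is not the sandbox's real cut-off.

```python
"""Added example: re-implementation of the two signature heuristics from the report
('UPX packed file' and 'Renames multiple files with added filename extension').
Illustrative code with constructed inputs, not the sandbox's own signatures."""
import struct
from collections import Counter
from typing import Optional

# Section names written by stock UPX. Modified UPX builds frequently rename these,
# so a miss here does not prove the file is unpacked (hence the signature's wording).
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def pe_section_names(data: bytes) -> list:
    """Walk the PE header and return the section names, or [] if `data` is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER starts after the signature
    if coff + 20 > len(data):
        return []
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    first_section = coff + 20 + opt_size     # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = first_section + i * 40         # IMAGE_SECTION_HEADER is 40 bytes; name is the first 8
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def is_upx_packed(data: bytes) -> bool:
    """Static heuristic: any stock-UPX section name present."""
    return any(n in UPX_SECTION_NAMES for n in pe_section_names(data))


def build_minimal_pe(section_names: list) -> bytes:
    """Constructed header-only PE32 image (no code or data), used as test input here."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature right after the DOS header
    # Machine=i386, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader=0xE0 (PE32), Characteristics=EXECUTABLE_IMAGE|32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0xE0, 0x0102)
    opt = bytes(0xE0)                        # zeroed PE32 optional header
    sections = b"".join(n.ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + opt + sections


def added_extension(old_path: str, new_path: str) -> Optional[str]:
    """Return the extension appended by a rename ('a.docx' -> 'a.docx.xyz'), else None."""
    tail = new_path[len(old_path):]
    if new_path.startswith(old_path) and tail.startswith(".") and len(tail) > 1 and "." not in tail[1:]:
        return tail
    return None


def rename_signature(events, threshold: int = 50):
    """Behavioural heuristic over (old_path, new_path) rename events.
    Flags when at least `threshold` files gained the same appended extension (threshold assumed)."""
    per_ext = Counter()
    for old, new in events:
        ext = added_extension(old, new)
        if ext is not None:
            per_ext[ext] += 1
    flagged = any(count >= threshold for count in per_ext.values())
    return flagged, per_ext


# Constructed rename log mirroring the report's count (866). The '.locked' extension is a
# placeholder: the report does not say which extension the sample appended.
SAMPLE_EVENTS = [
    (rf"C:\Users\Admin\Documents\file{i}.docx", rf"C:\Users\Admin\Documents\file{i}.docx.locked")
    for i in range(866)
] + [
    # Benign renames that must not count: extension replaced, or file simply renamed
    (r"C:\Users\Admin\Downloads\report.tmp", r"C:\Users\Admin\Downloads\report.docx"),
    (r"C:\Users\Admin\Desktop\old.txt", r"C:\Users\Admin\Desktop\new.txt"),
]


def run_triage() -> dict:
    """Evaluate both heuristics on the constructed inputs and return the verdicts."""
    packed = build_minimal_pe([b"UPX0", b"UPX1", b".rsrc"])
    plain = build_minimal_pe([b".text", b".rdata", b".data"])
    flagged, per_ext = rename_signature(SAMPLE_EVENTS)
    return {
        "upx_sample": is_upx_packed(packed),
        "upx_plain": is_upx_packed(plain),
        "rename_flagged": flagged,
        "renamed_files": per_ext.get(".locked", 0),
    }


if __name__ == "__main__":
    print(run_triage())
```

Both checks are deliberately cheap and deliberately fallible: a packer that renames its sections defeats the static check, and a sample that overwrites files in place without renaming them defeats the behavioural one, which is why a sandbox scores on the combination of signatures rather than on any single one.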

Processes

  • C:\Users\Admin\AppData\Local\Temp\4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe"
    PID: 4268
    • Drops file in Program Files directory
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3700 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
    PID: 4828

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp
    Filesize: 66KB
    MD5: 5ef043cc2b89426a19d76fce11e6171f
    SHA1: e7456c88c40a0071c3f980b2dc659b3b17969ae4
    SHA256: cef6ed79b29f7fb86b7cd7c0bb1e6af23d953b262134335577f5334c8483a03a
    SHA512: da1b6b3388f71a386db19d5effae84bd382e3f3c2a1cb07625ec6ee714bf87e699d856ba544652aeb9ebd6e7d53add22df7f573c329d9ace84526aa9e6631627

  • C:\libsmartscreen.dll.tmp
    Filesize: 66KB
    MD5: 4c6160a4fb543e861ac27ddc79eec417
    SHA1: 95b5464db35692eff990734c7f72fae668cfb901
    SHA256: 76787170a7f4f55dda4a745cf16af743842174a57c00887638cc82731981d449
    SHA512: 7ffc2e10d41a76a3dda81e1f37062a434dbcd949ac1b08f0b32721273d86ca955b33cd4142d2ebed0ed2beef4e1b220db847f373fd0293e21cec1cbb1cc75204

  • memory/4268-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB

  • memory/4268-398-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB