Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-07-2024 09:54

General

  • Target

    48b9e425e584c511b0ed01a410d20f79e0c93277fa4980c43ebdb2f65b4d2710_NeikiAnalytics.exe

  • Size

    48KB

  • MD5

    116de5b2d018e63c777da70e943ad8d0

  • SHA1

    e4454d4d38f32baa3cb7d78c4893a06df24d8f06

  • SHA256

    48b9e425e584c511b0ed01a410d20f79e0c93277fa4980c43ebdb2f65b4d2710

  • SHA512

    1f4fbea41e0299100f0df2ff68ae97c5859b4f32fd85d8fa11d05358ca20d84c9f07bb4a2d4a85f5828f00033181d6fd70e03d9a1ae47208fa16f825d47ce896

  • SSDEEP

    384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrRYKYUosMosnn/oA/op9IsS:W7BlpppARFbhWJq5nosMosa9IsS

Score
9/10

Malware Config

Signatures

  • Renames multiple (3611) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\48b9e425e584c511b0ed01a410d20f79e0c93277fa4980c43ebdb2f65b4d2710_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\48b9e425e584c511b0ed01a410d20f79e0c93277fa4980c43ebdb2f65b4d2710_NeikiAnalytics.exe"
    • Drops file in Program Files directory
    PID:2204

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

    Filesize

    48KB

    MD5

    521a3ab197492017f80519f9d3cd8e67

    SHA1

    0d5d4a25079b43eeb907fac301db457cb23c997c

    SHA256

    8e06f1d5090fa38a7fb4f5c67a32abec3bb4e70c3a3c79cc51136b4e912e4454

    SHA512

    10d7f35f1fad55a06d698560a0e9d1a498ede4327c656b0e5dd021b3927017e1dec29e256f3db2d31fd6e3a2f4e76321211ad4ce9d635b9aac9e3b79493bd9b7

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    57KB

    MD5

    a02e8505db2963b65022c8f84232dba4

    SHA1

    6c441984b4d81f6952484e1f7cbac54bece23b3b

    SHA256

    c43f64c6b0fe4480f84b8587ab857645876b390bf81fc2108eead418d8776459

    SHA512

    ea4caad51acf5270333d98830476063d0f6feb5024d64b7125d4a8e15f808fda7500234518f1b889bd837483a15eba7521bdd8dbfa2d8735a4df16ecc492181c