Overview

overview

9

Static

static

7

32ae8d3100...cs.exe

windows7-x64

9

32ae8d3100...cs.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    50s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-07-2024 03:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    32ae8d3100796bf5e2ea2994cd344737b9f7d7af7bd22500b572c7fa3e30bd4f_NeikiAnalytics.exe

  • Size

    54KB

  • MD5

    0ca32ed11cde1b8e6f565b0374c965d0

  • SHA1

    0e51d6816d6f24b0f3323fce4c7df63287d07c3d

  • SHA256

    32ae8d3100796bf5e2ea2994cd344737b9f7d7af7bd22500b572c7fa3e30bd4f

  • SHA512

    235e53594d898802cba7da3fb245abf56fc241d7e6fc12ed0028a1ee565ed643f2f1403e129adcb17dc99a2327f55189316728e8f29caabd7c0cd9c815372cce

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8zxZfxRfxe:KQSoWf7fs

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (4874) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\32ae8d3100796bf5e2ea2994cd344737b9f7d7af7bd22500b572c7fa3e30bd4f_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\32ae8d3100796bf5e2ea2994cd344737b9f7d7af7bd22500b572c7fa3e30bd4f_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
    Filesize

    54KB

    MD5

    4596210ee37ce77baf84bb10a871508f

    SHA1

    9c87fef25e858f41303714f0f688759fb58be447

    SHA256

    42e56628477c145e036319b2886a4ffb2c87d14a411bd05f84693f8d562274b5

    SHA512

    3d03c30dc1e27839f3eef3b4f57a4d18f9cd2479a4773786b0ff36dd269ed3b1b50ad92d0243874d5ebbb1280ee9bfc60a4b63063ea69777700c77a1290492be

    Download Submit
  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    153KB

    MD5

    dd8104077d1e7db5fd5e63487de55e65

    SHA1

    0c9690fdd65761123abb8a8b581fdff7a3bcca93

    SHA256

    2b88f0543c4007cad1fcfbbaf5e51b667e7f1fcf2dbd6aabb6663dd834d66a16

    SHA512

    e4a65114cd70d42560e61585d0cc75754451d07d3d61c843a7edb88aab16efa676682282f0693d4000ed49b0735c473efd3b444e15b9842580d70d75a1660289

    Download Submit
  • memory/2056-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/2056-970-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize

    40KB

    Download