Overview

overview

9

Static

static

3

36755e4deb...cs.exe

windows7-x64

9

36755e4deb...cs.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-07-2024 04:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    36755e4deba09a104836dc480cebe65056579d36417728b252afd2d7c82a34bc_NeikiAnalytics.exe

  • Size

    81KB

  • MD5

    eef369329e7b2ae045be54e56a273a50

  • SHA1

    d71ed5843d34b1b7c34cdd13bf26803ed1ec539c

  • SHA256

    36755e4deba09a104836dc480cebe65056579d36417728b252afd2d7c82a34bc

  • SHA512

    eb92861cd8b5218914fa9567c6792442718cdf6b53eae4b73d222e9bda95c2801247b81f810abaf196539374811d9e44588b9ea8b09b2e73162a4bdd8485bac9

  • SSDEEP

    768:/7BlpQpARFbhIYJIJDYJIJxfFpsJcEKLF/MF/4fxRfx2MlgDDMlgDSCNFEXBwzEX:/7ZQpApze+ejfFpsJPKZ2wfxRfxzdYa1

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (5074) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\36755e4deba09a104836dc480cebe65056579d36417728b252afd2d7c82a34bc_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\36755e4deba09a104836dc480cebe65056579d36417728b252afd2d7c82a34bc_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
    Filesize

    81KB

    MD5

    91ceacec71a9bf50161864d022e102f3

    SHA1

    4b923a0c9b8446f8cba1b3b7c325cba535dcdfec

    SHA256

    62291062a5c4f18deaa572d4f611484bd0f4d0b23de94010e1d4eafb2e835c3b

    SHA512

    46fadfadd55bb0f566a95a3b98c96f2a4d864d0df50f57595d3208527900192b7ffee67f5d118de2b012d1f625a0db732c10105879b036b2b8333f497c58c025

    Download Submit
  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    180KB

    MD5

    fd4a9daa3e636d72ad1a61f548503497

    SHA1

    2f6cda876f9414a48350e1767e8db2630e1186f7

    SHA256

    bdff1dfbba47395b51ddb353a057636f3f5201e4b781137abba627391765a1c1

    SHA512

    d1528b65a02b9f3f14a690a07ddde2fe2620ac22f336207b6fdcc33c4460d13364e2a7d9d5aa4675a90e8e97b6c6761c5850b89316c9340c97222d9d736a98b1

    Download Submit
  • memory/924-0-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize

    32KB

    Download
  • memory/924-1804-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize

    32KB

    Download