33308c1dd8297b503d9b44a32c4ad81352ac2c069e6751c3c0974c3906ae20b0

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 18:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
Size

309KB
MD5

c1f2019cdc09a7567f99e20c7d791690
SHA1

7084179ac84be5c5f9e89b06ca27381cffd1961f
SHA256

33308c1dd8297b503d9b44a32c4ad81352ac2c069e6751c3c0974c3906ae20b0
SHA512

03607e40e84594505acc688a623111efb40e743127a30199b98475046f64fd8a2f3c857bf4ef7e816a4e65d689ff6c952d288d9462a2eb0f55327e2ead2f9e3f
SSDEEP

6144:JiQSo1EZGtKgZGtK/CAIuZAIuuQSo1EZGtKgZGtK/CAIuZAIuZ:AQtyZGtKgZGtK/CAIuZAIuuQtyZGtKgI

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4227) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4448-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0007000000023288-2.dat	upx
behavioral2/files/0x0007000000022959-6.dat	upx
behavioral2/memory/4448-1418-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue.xml.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\TrebuchetMs.xml.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ul-oob.xrm-ms.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXT.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.Lightweight.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Annotations.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemData.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.Common.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\micaut.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Franklin Gothic.xml.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-pl.xrm-ms.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\host\fxr\6.0.27\hostfxr.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorlib.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClient.resources.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\sunec.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsBase.resources.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-oob.xrm-ms.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul-oob.xrm-ms.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Brotli.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Specialized.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ul-oob.xrm-ms.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sunmscapi.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-pl.xrm-ms.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClientSideProviders.resources.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationProvider.resources.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationCore.resources.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\v8_context_snapshot.bin.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-ppd.xrm-ms.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ConsumerSub_Bypass30-ppd.xrm-ms.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-pl.xrm-ms.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-phn.xrm-ms.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ul-oob.xrm-ms.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Xaml.resources.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\am.pak.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\hijrah-config-umalqura.properties.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TextWriterTraceListener.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.DataExtensions.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsBase.resources.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\ReachFramework.resources.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clretwrc.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.DataContractSerialization.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Xaml.resources.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationTypes.resources.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ppd.xrm-ms.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul-oob.xrm-ms.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeWord.nrr.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsound.dll.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c1f2019cdc09a7567f99e20c7d791690_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

Filesize
310KB

MD5
38407535f7f6d750ecb5d5dd577c1121

SHA1
e9da8bf7ff0b3ea29fcd9599ef59ca2bb3d9ec43

SHA256
0507ff38ed5fed5c58c20e69491e78ba2a3fae2fcb6961a1ef20664e2179d0e3

SHA512
dfb1bd5be31240b665e9c40e41210478da3afa5b10c96302f8268cbbc530eff1adc99f10db593292da1801acd2b43b877fd3f88f4d273a7139b28cbc5ca3a325

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
408KB

MD5
0a57808a124dfa39a938c80f37fe0115

SHA1
c0cfe4e51354f1f93e5fb2e5f964ac634583717b

SHA256
cb0ef0b511e01f886db3a4a9838f15ab0e847c9b28a010495c737e2b29d071f0

SHA512
4c4f418f31da13cb49469b7685f8debf82ea1f244de313756d6faa1b7a68ed81a106315f0d5a3ec88279d8d1975a95352129ac76ad91ea57acbd02fab57d9033

Download Submit
memory/4448-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4448-1418-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads