444b83f2f61bfdcfad386fc51deb81a7c73999cf18a56bbd734b108d77267fa6

Analysis

max time kernel
150s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 02:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
Size

125KB
MD5

479090fb4448769293cdfcd1bffe1390
SHA1

ea03bd9e3fb399102e4237cff563cf81bc813341
SHA256

444b83f2f61bfdcfad386fc51deb81a7c73999cf18a56bbd734b108d77267fa6
SHA512

4edb312c5f3c0dcc3bc07723d95656c44f7b017758473e8f4c92be6652d17237df4c946eb6a4c4e502794fb0d4dc347575c825c13d241729b63549ee25964fe0
SSDEEP

1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCg:+nymCAIuZAIuYSMjoqtMHfhfV

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4874) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3800-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0009000000023358-2.dat	upx
behavioral2/files/0x000800000002295a-7.dat	upx
behavioral2/memory/3800-1792-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack2019_eula.txt.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.config.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy.jar.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Primitives.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\cursors.properties.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationTypes.resources.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\jni_md.h.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WordNaiveBayesCommandRanker.txt.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.ValueTuple.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbInterop.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.tlb.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-phn.xrm-ms.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dynalink.md.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.Primitives.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationClient.resources.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sawindbg.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul.xrm-ms.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\ConvertMeasure.001.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER.XLAM.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-140.png.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\zh-CN\msipc.dll.mui.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClientSideProviders.resources.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ul-oob.xrm-ms.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdDataExtension.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Grayscale.xml.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\jawt_md.h.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS000C.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-util-l1-1-0.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.PerformanceCounter.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-pl.xrm-ms.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pidgenx.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINCORE.DLL.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.AppContext.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pt-PT.pak.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ul-oob.xrm-ms.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Configuration.ConfigurationManager.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-phn.xrm-ms.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-180.png.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Specialized.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ppd.xrm-ms.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC.HXS.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHSRN.DAT.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\ReachFramework.resources.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ul-oob.xrm-ms.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sl\msipc.dll.mui.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\snmp.acl.template.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul-oob.xrm-ms.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp

Filesize
125KB

MD5
16761616e5712077a3dc3f47d8fc2387

SHA1
dc26914cd56e8fb88fb846960643590144fc1887

SHA256
a55cdf55a0d34c5f266182993920fdfcf31c9e5cd25e035dbe0b70ad63a12569

SHA512
f692d5b96ae89bc8529f770d5e411df1a9a6be7c5eaedc43783ef102dc21fcb7ff101068177e89b773c5ae42a037c3f70d85666bd9729605cd0cd52a3e99e102

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
224KB

MD5
570d4ca879e809c28f22256e1c5d5f28

SHA1
365f559d5da19e307ecd2da39fd9ee17d50f480a

SHA256
cce1d734d68749635fab6f5ce6f22582dd985e5516095aa74372032efa5d27b9

SHA512
acbc4f3c2a7854c69dc552cbd34f7e6a705f1513e010cfab65c6fc237718ff54487b60e350d8953fff05112a9f9257789366773ab1f6b11ac8871deed4d2f1cc

Download Submit
memory/3800-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3800-1792-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads