acfc1c38a3cd8aeff86bcc456dfbccc1cb151324a7b21d0ec4b57c2a6c360d52

Analysis

max time kernel
150s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 11:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
Size

233KB
MD5

cefc238441f49df074f5537e2142c990
SHA1

e4a1c02e93a9cb6acd7757fc9187a8df3493c365
SHA256

acfc1c38a3cd8aeff86bcc456dfbccc1cb151324a7b21d0ec4b57c2a6c360d52
SHA512

51e22528555e47f36527fcd8a122b0fc85ebd32040bf178a9e5b162e7bda2ca458d739f7409c2416c94b2ebbba0b9f78d24ed6464dd1fdd3f82c905981d969ad
SSDEEP

3072:+nymCAIuZAIuYSMjoqtMHfhf90NQn0NQvfAIuZAIuYSMjoqtMHfhf90NQn0NQZ:JmCAIuZAIuDMVtM/7fAIuZAIuDMVtM/l

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4656) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/356-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000800000002327d-2.dat	upx
behavioral2/files/0x000800000002294e-6.dat	upx
behavioral2/memory/356-1596-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationCore.resources.dll.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationCore.resources.dll.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-phn.xrm-ms.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationFramework.resources.dll.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\WindowsBase.resources.dll.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-pl.xrm-ms.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ms\msipc.dll.mui.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationUI.resources.dll.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\resources.jar.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 7.0.16 (x64).swidtag.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\hostpolicy.dll.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Xaml.resources.dll.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\ktab.exe.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-pl.xrm-ms.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Primitives.dll.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClient.resources.dll.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ppd.xrm-ms.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-ppd.xrm-ms.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-interlocked-l1-1-0.dll.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationCore.resources.dll.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.Editors.dll.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-string-l1-1-0.dll.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Candara.xml.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ppd.xrm-ms.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MINSBPROXY.DLL.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.dll.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.Unsafe.dll.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\serialver.exe.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-pl.xrm-ms.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DBGHELP.DLL.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ul-oob.xrm-ms.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ppd.xrm-ms.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\es\msipc.dll.mui.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClient.resources.dll.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ppd.xrm-ms.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.dll.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsBase.resources.dll.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-phn.xrm-ms.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mip.exe.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Extensions.dll.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ul-oob.xrm-ms.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ppd.xrm-ms.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ul-oob.xrm-ms.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.JavaScript.dll.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Xml.dll.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\dnsns.jar.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3102-0000-1000-0000000FF1CE.xml.tmp	cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\cefc238441f49df074f5537e2142c990_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp

Filesize
233KB

MD5
58d4ba69079d77bc1ae5917cba8c7571

SHA1
e625a6ef0fab3d69fc41fbda46905883041f8553

SHA256
d761703421c34776ac1579b0860081bed4826041391f1ad74fbc105ca209fcfb

SHA512
863b30647b7b6e90e1baeb10a6d232ce5662bf1cb1e0b9d332b2ee1a07f950cb722f0971f21e7c173328f9a694433102de65a5a05989a71e75f4960c17935b0d

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
332KB

MD5
f687560767b6936de2fc83967aad5a45

SHA1
b80d0774b64dfe5e5e25250957a6313f56d38c1c

SHA256
530b79d8ee78d25cddd57801d77ea242622e670736b1d79c56ae1c445d371418

SHA512
088e9c4554b26e74e4d5f6f4414b0c680d044fbec4516a657d09c6eb55778ece3b4d2e9c030040555adddfbc21cb757d035132b9362969e624412f6e0e30a711

Download Submit
memory/356-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/356-1596-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads