1b133bdbd1d39c9bc42e3eb1432a0ddd2a163c1e0c250c86fe9210d3e12cb142

Analysis

max time kernel
150s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 14:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
Size

147KB
MD5

06244f224d7d380167736f3d52a65d40
SHA1

ab36b9226fe7855552b31ab929549af949be5f59
SHA256

1b133bdbd1d39c9bc42e3eb1432a0ddd2a163c1e0c250c86fe9210d3e12cb142
SHA512

1ca06b12058045260bcf4b275abc419e951c2bb5a6b873cb16371eb65315b59fa545528e692230150c76e877ccd1d3d1cc7deebdadf75481303d26d55e1f2ffc
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q1pkMJ+ZGtK1+ZGtKQNMdTajOtGtU1wAIuZAIuJp:KQSo1EZGtKgZGtK/PgtU1wAIuZAIu/

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4638) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1140-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x0006000000022fa8-2.dat	upx
behavioral2/files/0x00080000000229db-6.dat	upx
behavioral2/memory/1140-876-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ppd.xrm-ms.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsFormsIntegration.resources.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationUI.resources.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Pkcs.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ppd.xrm-ms.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Serialization.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nl.pak.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-pl.xrm-ms.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-oob.xrm-ms.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotelemetry.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_fr.dub.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\uk.pak.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\EventSource.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Interceptor.tlb.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceProcess.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Primitives.resources.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ppd.xrm-ms.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\CIEXYZ.pf.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellLayoutModel.bin.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebProxy.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.AccessControl.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.DispatchProxy.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationClient.resources.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationClientSideProviders.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\TPN.txt.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-BA\msipc.dll.mui.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Cng.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\wpfgfx_cor3.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Registry.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ul-oob.xrm-ms.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2String.XSL.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfr.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ul-oob.xrm-ms.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\idlj.exe.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-oob.xrm-ms.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-pl.xrm-ms.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationTypes.resources.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\ReachFramework.resources.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ul-oob.xrm-ms.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\w2k_lsa_auth.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ul-oob.xrm-ms.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CAMERA.WAV.tmp	06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\06244f224d7d380167736f3d52a65d40_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

Filesize
148KB

MD5
0e3020f8f69034986c522346ede6e29e

SHA1
eb43809835607cfe7e8d7c29cbffa0445a6e3185

SHA256
d67a3657f087eff1eae34854d114d37fab38e500208129c8dffb5f3c444a5611

SHA512
a9f5e6e0f0449220aaebd8970de23ac5753c354120cf14ce7edc1bfd4bc52d0d35a338bb3413329fde71d06e982576c5fea68871889373b37e1b1c8c0d51b245

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
246KB

MD5
346f5300f45cdfd587d1d9e406941ac5

SHA1
751946dc8297284383ead6a7016676311de1ab91

SHA256
43ee242d0361a88d39ed0e0df64fcebabdaff1f628fcbe35fefdebba9dc47780

SHA512
c66ff9a0495692ec37afec66c5dabcf3db1ede9370cabf38236b5276f7bf744f334dcf0d8dec605d33d51cd00aa8b236e5c2fcbed9e89ab7d18daf2d2ac8bdd3

Download Submit
memory/1140-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1140-876-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads