707d665e3acfdbb5a925cb739b4bfc59ed79e12291f33721dac3100899cfc12f

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
Size

202KB
MD5

0c2b38b49ed1af31dcb2ec264ba5a100
SHA1

123478781f0360c304f8d1aac23430929cb42456
SHA256

707d665e3acfdbb5a925cb739b4bfc59ed79e12291f33721dac3100899cfc12f
SHA512

6782f0a53535a40384d02b132b7f1c1de47be3b0c33fc4de5c6070c8245ff351af8bcba3b03eccb45a70ef4fdd7476b10edf23ae08fd7574f4e1272e4df0a500
SSDEEP

3072:enaym3AIuZAIuYSMjoqtMHfhfmLIwuyKhr1nOL:wHm3AIuZAIuDMVtM/sLIwuyKhr1nOL

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (321) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1540-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c0000000132c6-2.dat	upx
behavioral1/files/0x0002000000010481-6.dat	upx
behavioral1/memory/1540-50-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mshwLatin.dll.mui.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\he.pak.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp	0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0c2b38b49ed1af31dcb2ec264ba5a100_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
203KB

MD5
acd69cad3435b2e572d9d7ace6c538d2

SHA1
a69db5383bb53907685550fbd74c7e9a70720103

SHA256
ce4523db26d63fd8b2436521c5802c52971b4b4ca96e7b0dc74b72be5157f42a

SHA512
58ff7c3194602693e5c4df3c32521f23f24909f5c846446b6b3648ba1c5810cc290dd6bfaed00dbd628123e3f3f9fff641258d20a8457d248c7fc2ad8574009f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
212KB

MD5
94eb4f84f8e23dd0c43ab92640c6147b

SHA1
ff5e0173dee77e1cbd37323e15fac90c11ffba2e

SHA256
9326ee4861567ea67ee011a34ca57e547f1f073cc19b013a46e38b2012b56960

SHA512
d89bb7dc8317f29a49be545d06c5756f82c833063545b75f58bb53e303f701556e3df90198887519f683797e48485343d77c83f9aca4efe855d3214c598383c2

Download Submit
memory/1540-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1540-50-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads