e159bb555db516b5609c45211fd18ff28283d8db963d903cb24aad7cada7b5a5

Analysis

max time kernel
150s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 08:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
Size

411KB
MD5

a9b726c46508d680985b8184aee77310
SHA1

5314fe0188fbb0bbf45404bab7a163b62009982f
SHA256

e159bb555db516b5609c45211fd18ff28283d8db963d903cb24aad7cada7b5a5
SHA512

958966362fcdeca50645db78283a923bf3e3049ff7d3cb068f3e605a2b90762d85359fbe1746839b6b01139d67d45cef7f34c5203bc6f02c240bafde923dbd08
SSDEEP

12288:7AIuZAIuOJcnBrEf2Ytz2R4CLyFddF8/0ys31fux+MTYC9ZPfKS4alper1RVzcR4:IJcnBrEf2Ytz2R4CLyFddF8/0ys31fuu

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3902) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5104-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0006000000022f42-2.dat	upx
behavioral2/files/0x0008000000022970-6.dat	upx
behavioral2/memory/5104-1324-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\Office16\OSPP.HTM.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-ppd.xrm-ms.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ppd.xrm-ms.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Xaml.resources.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy.jar.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected]	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-1-0.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationTypes.resources.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-profile-l1-1-0.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_CN.properties.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClientSideProviders.resources.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\calendars.properties.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash_11-lic.gif.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encodings.Web.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-phn.xrm-ms.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.resources.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-pl.xrm-ms.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Xaml.resources.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-convert-l1-1-0.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.MemoryMappedFiles.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationNative_cor3.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunec.jar.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-pl.xrm-ms.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ppd.xrm-ms.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-file-l1-2-0.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ppd.xrm-ms.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Json.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationCore.resources.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.HttpListener.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ppd.xrm-ms.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ppd.xrm-ms.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.Json.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationTypes.resources.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\ImportUnpublish.vdx.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ul-phn.xrm-ms.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\glib.md.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\webkit.md.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmmui.msi.16.en-us.xml.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteFreeR_Bypass-ppd.xrm-ms.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NetworkInformation.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.resources.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ul-oob.xrm-ms.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ppd.xrm-ms.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ppd.xrm-ms.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-pl.xrm-ms.tmp	a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a9b726c46508d680985b8184aee77310_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:5104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
412KB

MD5
954f6544ea77d872be941ffa27bc3788

SHA1
aba63c7cf49a3840c3a24a237e37edfb6a4b290f

SHA256
1f0cb89f591cce5ebb474693a7b66fabd89a205d19376ad871ec8ac11935f1c4

SHA512
cc051a0f44ad6f7070881911ea936e026196dff3c553fcf6a6b4193c421ac60271d21f724a8619e91c316e19e58f9fb74306f82dcfdf7ceb75db29b3b5819859

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
510KB

MD5
899ee2c44adc0afc992284e7a9770a37

SHA1
b506cce1960598ff6e4ba23cd4594c9f11961bff

SHA256
49588c548e8a0432746bf686a639235589d7b1150bf3155ccdde9915e2ea43eb

SHA512
c30f8aa1cfe07c60e2a4594fcd75f1982dfe4476ce9a750f439be746b43b47cb7e4667f324758bf11999e11e7703758306d0872cbe1251b0f33545762e0f3bdb

Download Submit
memory/5104-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/5104-1324-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads