693af631163ee5ba474d0250afe5623f1b815b6622900e210a8288ab2671d408

Analysis

max time kernel
150s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12-05-2024 01:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
Size

124KB
MD5

5425587f2cd4c5b783b40e976aea7980
SHA1

e5d52f16c9d8d7dccbe35bcc482ad6f608104111
SHA256

693af631163ee5ba474d0250afe5623f1b815b6622900e210a8288ab2671d408
SHA512

fd54b100c3e7d555a6d2e5caec1b67ed38fba96e01ccc3c5691349f207356d2ac161dd590b4e02c17ea5e4c2f0520287d4d0726c32ec9a0d77682ccb105b5ecb
SSDEEP

1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCb:+nymCAIuZAIuYSMjoqtMHfhfu

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4865) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2124-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000a000000021677-2.dat	upx
behavioral2/files/0x0008000000022970-6.dat	upx
behavioral2/memory/2124-1786-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_WHATSNEW.XML.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-string-l1-1-0.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.resources.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationClientSideProviders.resources.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ko.pak.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ospintl.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.TypeExtensions.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoasb.exe.manifest.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN002.XML.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationCore.resources.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.h.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\LICENSE.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jjs.exe.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXC.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClient.resources.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nb.pak.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationClient.resources.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsBase.resources.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ppd.xrm-ms.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-phn.xrm-ms.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Primitives.resources.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ppd.xrm-ms.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Custom.propdesc.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorrc.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.ThreadPool.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ppd.xrm-ms.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-pl.xrm-ms.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-80.png.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Interceptor.tlb.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL011.XML.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-phn.xrm-ms.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Dynamic.Runtime.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ppd.xrm-ms.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-pl.xrm-ms.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-140.png.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\servertool.exe.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-memory-l1-1-0.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\decora_sse.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glow Edge.eftx.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ul-oob.xrm-ms.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.UnmanagedMemoryStream.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Common.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoasb.exe.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ul-oob.xrm-ms.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsdt.dll.tmp	5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5425587f2cd4c5b783b40e976aea7980_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
124KB

MD5
3dee654194ee0b545b0d93e3aaf27ce0

SHA1
e7b2850dfe6d4f20ebc9f235847938d92d8ae934

SHA256
d85508a1758faee7d80b3c023dcc56385f7d7258ea1ffbbbcdb8ead49ddcbdc8

SHA512
bf06c28c8196e184b4320e2e18fe49a0a45e4beeb8b9b20383e232aed72b9ecd069d43cf383e3f080f34f3812707d18c48a6384a06e6bd032885a26aca3c2f44

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
223KB

MD5
557ac019caf716201f405b702b1cf173

SHA1
5f937d141fd750b0d7b05dab4a960f187fbd08af

SHA256
553b0b8d003a2bb5b3b970a081119e89338525a98e5e79cda3be1f337ba1834c

SHA512
0d0d512c2b25a82dd96ff7fdafb86c9e3403fa33d3ea007890821c37dad5a1faa3372e8488302fbd5e56469074f1e4bc19037911b1e7a8402aaec85e07dbe179

Download Submit
memory/2124-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2124-1786-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads