89c05bf33b20e79dca6a2dbdf9cd6321ab5e367ed41079acce13d166191564fd

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 12:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
Size

102KB
MD5

0cfcf09ed50d4dc46c5f690e3dc5da30
SHA1

15f63479f22e1cbfa49600b7a51f2735075edc14
SHA256

89c05bf33b20e79dca6a2dbdf9cd6321ab5e367ed41079acce13d166191564fd
SHA512

d2c1463e61a933f28b5201e8f96cf584a15ddcb418b9041b6d209c7cddc20ea12cc2eb7ca5df9def36ae833ce6b4dc5cea672a198aeb0e4a3ea2fafeb90f1934
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfC:hfAIuZAIuYSMjoqtMHfhfC

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4838) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4328-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x0007000000023305-2.dat	upx
behavioral2/files/0x00080000000229db-6.dat	upx
behavioral2/memory/4328-920-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\1033\IFDPINTL.DLL.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Queryable.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ul-oob.xrm-ms.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ppd.xrm-ms.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\TURABIAN.XSL.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Contracts.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Design.resources.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationFramework.resources.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-conio-l1-1-0.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\IEEE2006OfficeOnline.xsl.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsFormsIntegration.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\splashscreen.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected]	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Median.xml.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOUC.EXE.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GFX.DLL.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL120.XML.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow Orange.xml.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-phn.xrm-ms.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\APASixthEditionOfficeOnline.xsl.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Controls.Ribbon.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ppd.xrm-ms.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Security.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\et.pak.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ul-oob.xrm-ms.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote.cat.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsFormsIntegration.resources.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\WindowsBase.resources.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.resources.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationTypes.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\libEGL.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ppd.xrm-ms.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-phn.xrm-ms.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.TransformDataByExample.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.CodeDom.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\resource.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-math-l1-1-0.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\officestoragehost.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ul-oob.xrm-ms.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ppd.xrm-ms.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationCore.resources.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-phn.xrm-ms.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ppd.xrm-ms.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC.HXS.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlSerializer.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.AccessControl.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebProxy.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsBase.resources.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\blacklisted.certs.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Core.dll.tmp	0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0cfcf09ed50d4dc46c5f690e3dc5da30_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

Filesize
102KB

MD5
ff7ac618065c41c776fc7591553d263f

SHA1
a77e1bb43c96507525d8fce010511c6bfc047630

SHA256
9839f94ec0305614a95c18de96676ad763a200fd99571c54ec941fca219052e3

SHA512
ad6fb5d4040fb5e64b21278ee87da76c889058c5c46e676d376d31bc8006175531fb597984173b2f5505f84e47d51bba5f5aeffb57f8805d8ec50c7deb172e37

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
201KB

MD5
1c14456e0e46bed73179b8bb7349a794

SHA1
6884ab2ee67cda0fc18846684bcb85490c2b1b1b

SHA256
52eab09f5e96539521500e56289a5ca306ed0fe2472a816badd60ce9d7026679

SHA512
6dd8fa09a5e546f18703c229e1701be6d78c7322b58de15d3243724a2716548e95522ad3915a8f8a7815594c04bb9c4015a79582c94737fdfbca6c02d01c8c27

Download Submit
memory/4328-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4328-920-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads