8e3665a50ed71c1d79872b232d3d5fa90ea66c36c316cdeb7a8b0ba7b5742bda

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 12:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
Size

103KB
MD5

0f71f0e941f02368da2823b889e9fd60
SHA1

617b99643cca35d674291a35c5f5f40bc95288ee
SHA256

8e3665a50ed71c1d79872b232d3d5fa90ea66c36c316cdeb7a8b0ba7b5742bda
SHA512

15fbed414b70d58b96e216f37ae3196cd60327b3a441138ed65a1898dc77e1606003e8ade17900b17ce06daa80679af9ddaa28aa5a779b1b7e40e71bcdb143dd
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfZ:hfAIuZAIuYSMjoqtMHfhfZ

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5029) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3224-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x00050000000232a4-2.dat	upx
behavioral2/files/0x0008000000022996-6.dat	upx
behavioral2/memory/3224-1066-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Cng.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Primitives.resources.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-oob.xrm-ms.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-phn.xrm-ms.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-phn.xrm-ms.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-phn.xrm-ms.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-oob.xrm-ms.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WindowsFormsIntegration.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\javafx-src.zip.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\dom.md.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ppd.xrm-ms.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ul-oob.xrm-ms.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-pl.xrm-ms.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationUI.resources.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-180.png.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_small.png.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Design.resources.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklist.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-oob.xrm-ms.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationFramework.resources.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\management-agent.jar.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-phn.xrm-ms.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013bw.dotx.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MYSL.ICO.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Dynamic.Runtime.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Principal.Windows.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\servertool.exe.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\dynalink.md.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-fibers-l1-1-0.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationClient.resources.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fontmanager.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.Editors.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RInt.16.msi.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Aero.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-1.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\xjc.exe.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessVDI2019_eula.txt.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.ValueTuple.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationFramework.resources.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.DiagnosticSource.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.EventLog.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140.dll.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-oob.xrm-ms.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-ul-oob.xrm-ms.tmp	0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0f71f0e941f02368da2823b889e9fd60_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
103KB

MD5
c9efd0f2ac80946b7a63f00bf22159db

SHA1
53c7b093c3fcc7c067b02cee1621947bcc0035a5

SHA256
6c83405eb6df5d1c6e98a78eafffdf628c0cda8a09b5af3a241eae62954115b6

SHA512
95c72b7a69a62a38e958bbb9ec91b647a29f324c285d17b3a35202e4b07ae89afb119522cbcd76387998d9b0f19627d1e7c43eeea07590e53616c136e5a0094a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
202KB

MD5
6ed216c9cf840c2cd2b05f900058a85a

SHA1
ba9b667c9448e4e32764987e81fffef627e3db96

SHA256
033c6db55e461fc754842d582f44b71338ddc2615a543cadbd884d3d0399a3be

SHA512
a0dd03887ee5ba93728e02ebfd482c4afcd53596a73a12bbb9c1794b02086302c8d2794c63d57cebd1e9c19c30e419985b6134bfe85caa4e5ebd0d1b06c0f65c

Download Submit
memory/3224-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3224-1066-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads