ee1935d98851e10568ca4c2aa9de6fc6489b4a31ba5244dd6a090a8d32d52ff6

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 20:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
Size

107KB
MD5

5b19ad7c3f5b178696e1c30485d69d50
SHA1

6f6635be18275edfcf63c069991a130a56fa683a
SHA256

ee1935d98851e10568ca4c2aa9de6fc6489b4a31ba5244dd6a090a8d32d52ff6
SHA512

fc0f58fefe18793653e4353749e839675f3e8f1105578a33a93a54b11eb9dd249c7dc003b8c59738dd7fa06827751eb6b64330128f6c89e2cee0649d3d601259
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfRbD:hfAIuZAIuYSMjoqtMHfhfd

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4745) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/208-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x0007000000023305-2.dat	upx
behavioral2/files/0x00080000000229db-6.dat	upx
behavioral2/memory/208-906-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Console.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-oob.xrm-ms.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-80.png.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationUI.resources.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClient.resources.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jawt.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-phn.xrm-ms.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClientSideProviders.resources.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-oob.xrm-ms.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-oob.xrm-ms.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul-oob.xrm-ms.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-pl.xrm-ms.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\BCSRuntimeRes.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.resources.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationClient.resources.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140_1.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\resources.jar.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Corbel.xml.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ppd.xrm-ms.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ul-oob.xrm-ms.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationClient.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationFramework.resources.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Resources.Extensions.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.resources.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.config.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-100.png.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Handles.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\cursors.properties.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPP.HTM.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\TrebuchetMs.xml.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\EventSource.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.resources.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.resources.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\thaidict.md.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-phn.xrm-ms.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ppd.xrm-ms.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-oob.xrm-ms.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.Entry.Interfaces.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.IsolatedStorage.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationProvider.resources.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\libGLESv2.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Subtle Solids.eftx.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-pl.xrm-ms.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.EventSource.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2XML.XSL.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Input.Manipulations.resources.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-phn.xrm-ms.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Classic.dotx.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-phn.xrm-ms.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.TypeExtensions.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.OpenSsl.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsBase.resources.dll.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 6.0.27 (x64).swidtag.tmp	5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5b19ad7c3f5b178696e1c30485d69d50_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

Filesize
107KB

MD5
170ff5ba76d7777fb30aa9e96f888b22

SHA1
183bd174da175a9f42e5252a71f47523a8f5eadc

SHA256
7f75242d113dec511a48e123417c22e4cf4dbaddf539ff319cb1138e342a09ae

SHA512
3e2c56175ecbcc4f0328527f96ba0a5b09eaa62e5405748f82b05db1e2eaee3de1d5cd0393ab2397f8f8fff66a57a115636c247956fb2f7b84898be2cc942f2b

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
206KB

MD5
2f4026ae224a05b2a402107000074097

SHA1
197c21f9b549b34021fe455c106ad5a4aab154f1

SHA256
c31a3335a36318064033977771ff75f909e9d6f4a8d0352b93943590344050a6

SHA512
d5f721a2fa82b10bc669dd4494f25ddbf24e48f74c0a3742a0574eb6a685ab6f87c3346f0ecc4aa36a68f39de20f31dc334ca61576eb68a01485250e10a580a8

Download Submit
memory/208-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/208-906-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads