06406a0d53e8cc214e432b59493a23b5feec96414d9b9f32f177cd15b1d8bb12

Analysis

max time kernel
150s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 09:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
Size

46KB
MD5

bf11a5185745ff519e97ae3c5c761920
SHA1

8d589e86046fd99549e98da6facd4e53801ba316
SHA256

06406a0d53e8cc214e432b59493a23b5feec96414d9b9f32f177cd15b1d8bb12
SHA512

f4df57989b698e45a079902df9745c0b486c1f00a0e14985784ba9e3f80d555f4d2904cc4a6b1be0796f1389497450ea1ba04a41d1ca3b61aa4b2f52fad15afe
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFVF:CTWn1++PJHJXA/OsIZfzc3/Q8hwYwQ

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4729) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4392-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x00090000000233ce-2.dat	upx
behavioral2/files/0x000800000002295a-6.dat	upx
behavioral2/memory/4392-1024-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.vsto.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART6.BDR.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-80.png.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Design.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\WindowsFormsIntegration.resources.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PowerPointNaiveBayesCommandRanker.txt.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Concurrent.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Extensions.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-phn.xrm-ms.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-localization-l1-2-0.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\WHOOSH.WAV.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\ReachFramework.resources.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ppd.xrm-ms.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-pl.xrm-ms.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\BOMB.WAV.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONMAIN.DLL.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClient.resources.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Design.resources.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Grace-ppd.xrm-ms.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-100.png.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Primitives.resources.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ppd.xrm-ms.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ppd.xrm-ms.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero2.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdClient.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libssl-1_1-x64.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.CodePages.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsBase.resources.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationFramework.resources.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\packager.jar.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Frosted Glass.eftx.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ppd.xrm-ms.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryLog.xltx.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\javaws.policy.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.DiaSymReader.Native.amd64.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\netstandard.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-oob.xrm-ms.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java_crw_demo.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\asm.md.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Median.xml.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-pl.xrm-ms.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l2-1-0.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Parallel.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationTypes.resources.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\it-IT\ieinstal.exe.mui.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Windows.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcr120.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClient.resources.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\glib.md.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\bci.dll.tmp	bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\bf11a5185745ff519e97ae3c5c761920_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp

Filesize
46KB

MD5
c0c15f9457533b5d3ba26c547b9e1f33

SHA1
2338ddc85423496bc51be55e567549de8b0e34f8

SHA256
9f44af27d51f2e12bac209336a383bf20ada7295ce33e85293ad4eb57824dd01

SHA512
726b10ca308c74a4cd439b545dc9050792f171807886eed06bd740c10904f0b4995c5f096d97e7a4fcf293c00b036fe7d1dc30deda059a51bf8a7c80eb407d07

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
145KB

MD5
f65f5ce3c1025ffdb764995f0768e569

SHA1
e3f63c5fd2b79869b713f201c45966ae94a9b74d

SHA256
0bd85ce9e294e31df171e7f2dbcd26980452a3ec55ca6389eb5398826892edb4

SHA512
586ae93e557934e3d505eabf88a82a38ae6c48cc327d8856f37911898b5e40079819b88af209e4bbf0b5e1efd55eace236e700929937f4f655fd784cc580f985

Download Submit
memory/4392-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4392-1024-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads