01efad4b29bb06e7505f7fb9d431f7d5826071665fb3c617c735a2f28025c34a

Analysis

max time kernel
150s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 11:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
Size

97KB
MD5

c589f5a1e646896f3edb4ef78d7f5730
SHA1

69c0adbf7347375ad232ea39e6141a5e8a16f6d5
SHA256

01efad4b29bb06e7505f7fb9d431f7d5826071665fb3c617c735a2f28025c34a
SHA512

392893670f6a635db2ed47ab7ea9d7e40654bf96d256dd0d143afb42395cda2ef20d5e3f50b205cf8212cab59c06a3fe8ba7a13c4cd17c96a8d35f79a1912a55
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hf96c:hfAIuZAIuYSMjoqtMHfhfX

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5026) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4312-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x00060000000232a6-2.dat	upx
behavioral2/files/0x0008000000022996-7.dat	upx
behavioral2/memory/4312-1098-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationProvider.resources.dll.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Design.dll.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-pl.xrm-ms.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXC.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.bundle.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClient.resources.dll.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfont.properties.ja.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.access.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlSerializer.dll.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationFramework.resources.dll.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ppd.xrm-ms.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.DataWarehouse.dll.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-80.png.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Configuration.ConfigurationManager.dll.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ta.pak.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jdwp.dll.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-ms.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\ucrtbase.dll.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack2019_eula.txt.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MML2OMML.XSL.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Design.resources.dll.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationFramework.resources.dll.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationUI.resources.dll.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-phn.xrm-ms.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-oob.xrm-ms.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-oob.xrm-ms.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\webkit.md.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_TW.properties.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFPROXY.DLL.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ul-oob.xrm-ms.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ppd.xrm-ms.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ul-oob.xrm-ms.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ul-oob.xrm-ms.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-180.png.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-pl.xrm-ms.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Formats.Tar.dll.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationFramework.resources.dll.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.password.template.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Integral.thmx.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.UnmanagedMemoryStream.dll.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\bcel.md.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\c2rpridslicensefiles_auto.xml.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN065.XML.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-PipelineConfig.xml.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.dll.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.dll.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_d3d.dll.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-pl.xrm-ms.tmp	c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c589f5a1e646896f3edb4ef78d7f5730_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
97KB

MD5
5381828753ae938f3d61ff98ef08ee10

SHA1
802a912cad4a936001d56d0a7e87e65f4a75f7c5

SHA256
ea674a00a0b0f7f6bdf911477421bb0cfd72904fa5249c9a52c25782d4c2b720

SHA512
0a71747cf00a6e251479da2c58db51081dcec5eb556c0edad916987fffc15ef663c9308ce0572e669460638b7cb52417189f13dccf7bcef95f7befba670e7bb8

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
196KB

MD5
6563eda1e18b807b7baa23f85a8a7115

SHA1
7c255acba77d996b0422c35b3f556e133a144db3

SHA256
db106fa9c822638c6e2fddd95907c741a0f0ea9485a43d7bb53d3b3ec9c8c1f7

SHA512
be3358d692fe5ecdfe063f95158f563e5ebecd19008d4ebe3484ec10305d2aea337fb86e4d523a5bce9b3f3d761138641261ad9e84d244fee8cc1343ccecea3e

Download Submit
memory/4312-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4312-1098-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads