69f92a25d20b2f1284d8d3341053e51b151903de6574cec11f75c41508aae5a8

Analysis

max time kernel
150s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 22:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
Size

168KB
MD5

469ce72d61eb4f4cae649c49bbee81c0
SHA1

459b97264f614cdb0df2e6cf7187db14c8f39c99
SHA256

69f92a25d20b2f1284d8d3341053e51b151903de6574cec11f75c41508aae5a8
SHA512

1417e57355c44849c2b74ccbb1e2474e8185ce2bdab07120aad377fbc5697f1ee348163395847bb2f7ce93fd1c682d153d965c7e5bbb4d8849a1b9193a5ca236
SSDEEP

3072:+nyiQSo1EZGtKgZGtK/PgtU1wAIuZAIuF:JiQSo1EZGtKgZGtK/CAIuZAIuF

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4714) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2176-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000800000002343a-2.dat	upx
behavioral2/files/0x000800000002294e-7.dat	upx
behavioral2/memory/2176-1628-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.Linq.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.FileSystem.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Xml.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ppd.xrm-ms.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Presentation.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\fxplugins.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ppd.xrm-ms.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\WindowsFormsIntegration.resources.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Design.resources.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.Json.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationNative_cor3.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ppd.xrm-ms.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul.xrm-ms.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationProvider.resources.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClient.resources.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\tr.pak.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-ppd.xrm-ms.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-pl.xrm-ms.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ppd.xrm-ms.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_F_COL.HXK.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-convert-l1-1-0.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Design.resources.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Mail.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Input.Manipulations.resources.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ro.pak.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140_2.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ppd.xrm-ms.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-phn.xrm-ms.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.Design.resources.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\DirectWriteForwarder.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ppd.xrm-ms.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymk.ttf.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as80.xsl.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-phn.xrm-ms.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.EventLog.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.WindowsDesktop.App.deps.json.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-phn.xrm-ms.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Claims.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClientSideProviders.resources.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\npt.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion Boardroom.thmx.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ppd.xrm-ms.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.ServicePoint.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationUI.resources.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\libpng.md.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\vcruntime140.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ppd.xrm-ms.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ppd.xrm-ms.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-oob.xrm-ms.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatchingCommon.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Json.dll.tmp	469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\469ce72d61eb4f4cae649c49bbee81c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp

Filesize
168KB

MD5
88562254bf94bcb0001243b3e3be47d1

SHA1
2fceb8e058ab122ddb63f8a3a587578080d9b43d

SHA256
5767023d9994ddc75536cddad5c9b981d965c89ac44898e174f3a903d95bacda

SHA512
e3e0f2c0aa1df1728630a22d8926249076ae2b7c3b53a496887ca571dd60c9843fc9f808a517dbe0ac9f53c75e9a6a6258557e64e8f5b736d5489b65854dbd28

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
267KB

MD5
d0a1cb3760d4f23a25fda1a8f9702fbe

SHA1
b94014371faf27ef678a46dc41d67c2dfb6d1fe5

SHA256
ce394b988697d67b61ac8b04dbf59eb33618ce4986a07c84cc8aee6e70947948

SHA512
efa066a945ac9e550a8f3d5e013902edd1332ff6fc44f19aeb29a4c2a54eee4692ccd7c64538fdcfb359449b17bb22ab34b1770d132a9457d4dc49c87839f333

Download Submit
memory/2176-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2176-1628-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads