a4e13e4b08b0a8d32afc160da25eccb1214481914fa0492b895b75c6a1333509

Analysis

max time kernel
149s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 04:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
Size

161KB
MD5

8150e4af19ccfbea92520c8588caf710
SHA1

ce439eb0a974f7e68c17f4674fe9714a1abfc347
SHA256

a4e13e4b08b0a8d32afc160da25eccb1214481914fa0492b895b75c6a1333509
SHA512

74a7a4e4bfe9a22c8fc3535bb77283b3171537aaa66347001369f67d04d0181377e146e835fe336bc02d8083bb724c367eb6cf6907572ef8fc109936b9d1d72e
SSDEEP

3072:KQSo1EZGtKgZGtK/PgtU1wAIuZAIuXwFwtd/CL:KQSo1EZGtKgZGtK/CAIuZAIuvCL

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4835) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1148-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x0006000000023270-2.dat	upx
behavioral2/files/0x001d00000002292b-6.dat	upx
behavioral2/memory/1148-932-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-pl.xrm-ms.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-pl.xrm-ms.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-pl.xrm-ms.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fi.pak.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ppd.xrm-ms.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_en.dub.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ipcsecproc.dll.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013bw.dotx.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\flat_officeFontsPreview.ttf.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-180.png.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Serialization.dll.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ppd.xrm-ms.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-phn.xrm-ms.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-pl.xrm-ms.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-100.png.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordbi.dll.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_2.dll.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\java_crw_demo.dll.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange.xml.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Memory.dll.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-pl.xrm-ms.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-timezone-l1-1-0.dll.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_terms_dict.txt.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ppd.xrm-ms.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-100.png.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.CSharp.dll.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Input.Manipulations.resources.dll.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ppd.xrm-ms.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-oob.xrm-ms.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OWSSUPP.DLL.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange Red.xml.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-phn.xrm-ms.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_es.dub.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsFormsIntegration.resources.dll.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Grace-ppd.xrm-ms.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\BIBFORM.XML.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PPSLAX.DLL.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Design.dll.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\joni.md.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ppd.xrm-ms.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLINTL32.DLL.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_small.png.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-phn.xrm-ms.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-ppd.xrm-ms.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.dll.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL054.XML.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ppd.xrm-ms.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Slipstream.xml.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-oob.xrm-ms.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f33\FA000000033.tmp	8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8150e4af19ccfbea92520c8588caf710_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
161KB

MD5
d24fe7fe584488018ef541fdf73feab9

SHA1
c7899b60c1b44d1f8ba225e1e312c4e57b48999d

SHA256
c5109697eaee0bc5708e6f89b07448f97a0706c1fe217bcd407b47e22526222c

SHA512
38731f8f613edd7465aab371ff43385f65578cf03ed00832cefb7db3420a6b33185e29f897b0dbbc6b543fafba1111e730a151087b69621482456e7a0b9b2539

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
260KB

MD5
5805b8a4020a3b9a26b39dc418fa0803

SHA1
33f358b6f938f0d24148e492386942040fbec9cb

SHA256
4eee3fa48364d2dd233bb359e6737a41342c63dd2602fb34b132e94eff8444d1

SHA512
6bb35bc5f35061d9ce09a90e54cc8c494ed3220fececcb2faa584544e525ac5421d9a60bf19404e42781c6664b14184aa87f947b6ff986e83ec83795f24ab029

Download Submit
memory/1148-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1148-932-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads