4b68ea0ac562a9170d47b312b74576cb18d86dc5b3126b1819f730bf1147901a

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 06:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
Size

3.2MB
MD5

95f2e81fc84d51feb1c8dd9beb35a130
SHA1

77df9c21a4c853b4a37bd3421f526e6a5e352218
SHA256

4b68ea0ac562a9170d47b312b74576cb18d86dc5b3126b1819f730bf1147901a
SHA512

6422caf2f0d8143bca8f6bf769734b32ce9d4df9b50e08a6a01ef7a63aa9f0579effbdd102cea951404b7d06abcb25617dff8729d374193305c881adc64d1c48
SSDEEP

49152:K8kAJeK5ZA/zd+TjK341N0M9v0qHYnkexQ8fwGOyF8H8m3:KNoA/zdqQQ/9v0qHYnLBYyqH8C

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2132-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x001400000001033b-5.dat	upx
behavioral1/memory/2132-234-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\desktop.ini	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\desktop.ini	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\da.txt	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\System\ado\msadrh15.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\DVD Maker\it-IT\WMM2CLIP.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\nb.txt	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\DVD Maker\directshowtap.ax	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\System\en-US\wab32res.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ru.txt	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ca.txt	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\7-Zip\7zFM.exe	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\7-Zip\readme.txt	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\ConnectClear.m3u	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
8.7MB

MD5
c1e42731454bda60de3394189308b936

SHA1
968fc7914c29bdfc373ee89eecbce5a6669cedeb

SHA256
29f400fecc71b2aa6fb0807f1b2b08b883e3b118959130b29ea5f1959670045d

SHA512
0d40c68fb0af31693d6851f8cf8697881d61070492de3401e85cd7cd3e1c464cc8b5218bb9c7c403cba7a43664b634074811b7c173e726ccd48e42de3e16be29

Download Submit
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/2132-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2132-234-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads