4b68ea0ac562a9170d47b312b74576cb18d86dc5b3126b1819f730bf1147901a

Analysis

max time kernel
91s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 06:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
Size

3.2MB
MD5

95f2e81fc84d51feb1c8dd9beb35a130
SHA1

77df9c21a4c853b4a37bd3421f526e6a5e352218
SHA256

4b68ea0ac562a9170d47b312b74576cb18d86dc5b3126b1819f730bf1147901a
SHA512

6422caf2f0d8143bca8f6bf769734b32ce9d4df9b50e08a6a01ef7a63aa9f0579effbdd102cea951404b7d06abcb25617dff8729d374193305c881adc64d1c48
SSDEEP

49152:K8kAJeK5ZA/zd+TjK341N0M9v0qHYnkexQ8fwGOyF8H8m3:KNoA/zdqQQ/9v0qHYnLBYyqH8C

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1528-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x0001000000022ac8-5.dat	upx
behavioral2/memory/1528-2043-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\desktop.ini	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\desktop.ini	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\Microsoft.VisualBasic.Forms.resources.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Controls.Ribbon.resources.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\extcheck.exe	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\lv.txt	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Requests.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Common.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationClient.resources.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Classic.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\wpfgfx_cor3.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\java.exe	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140_1.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NetworkInformation.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\tr.pak	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.deps.json	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.CSharp.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.DiagnosticSource.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.IsolatedStorage.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.NetworkInformation.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\7-Zip\7z.exe	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Xaml.resources.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.RegularExpressions.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.CompilerServices.Unsafe.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Uri.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\schemagen.exe	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\hy.txt	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\va.txt	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Json.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Debug.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Parallel.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClient.resources.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\System\ado\adojavas.inc	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\prism_d3d.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\wpfgfx_cor3.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Thread.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Configuration.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Input.Manipulations.resources.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\Microsoft.VisualBasic.Forms.resources.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClient.resources.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Controls.Ribbon.resources.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Controls.Ribbon.resources.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-string-l1-1-0.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Controls.Ribbon.resources.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-localization-l1-2-0.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll	95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2504	1528	WerFault.exe	81

C:\Users\Admin\AppData\Local\Temp\95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\95f2e81fc84d51feb1c8dd9beb35a130_NeikiAnalytics.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1528
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 472
  2⤵
  - Program crash
  PID:2504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1528 -ip 1528
1⤵
PID:3576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.dll

Filesize
4.9MB

MD5
abf7e3839e815bec8265c4df200b4801

SHA1
aaa891b0c7d106e506c65a22177b48beefe0e0d7

SHA256
d5644a07b73ffd4e24eebb34ce97e6f9560dabee7b78c0dbaee5005a538881f5

SHA512
38c4974cd2cc015a145f8c1f7e9df727c0babc01ac319032aa7a27371f62b5ca7793c192f06384ca61d06d8578d53c151bdc25d5b0ced665aac9e24ba84f7e6f

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore_amd64_amd64_6.0.2724.6912.dll

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/1528-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1528-2043-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download