1b42e0ccdf750f7f7ca9d874609534850ab5bebf21327c71abce35192337ef5a

Analysis

max time kernel
150s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 07:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
Size

113KB
MD5

a7d72d08689ba1701dda70eee0482cd0
SHA1

2d90b3d3e018c87138b959da8e60c8d1ee93e3c6
SHA256

1b42e0ccdf750f7f7ca9d874609534850ab5bebf21327c71abce35192337ef5a
SHA512

66305a6fa2826020be5a3aab0b13611aa5ee00ad8d924b43e454424c6e3df7d24ff8b355c53fa93b12bd8d8d8bc58cc513b18b98b8b82336e59938aaf03a937f
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hf5Sn:hfAIuZAIuYSMjoqtMHfhf5Ssk/62

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5124) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2588-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x0009000000023607-2.dat	upx
behavioral2/files/0x00060000000168ae-6.dat	upx
behavioral2/memory/2588-1090-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationTypes.resources.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Common.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Input.Manipulations.resources.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\glib.md.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-pl.xrm-ms.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.vsto.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Queryable.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\Blog.dotx.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Printing.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.resources.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ur.pak.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jvm.hprof.txt.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-localization-l1-2-0.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ppd.xrm-ms.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-oob.xrm-ms.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\STSLISTI.DLL.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.MDXQueryGenerator.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\csi.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\EssentialResume.dotx.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ppd.xrm-ms.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ppd.xrm-ms.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\PGOMESSAGES.XML.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFSHARED.DLL.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Accessibility.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-oob.xrm-ms.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libssl-1_1-x64.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ChronologicalLetter.dotx.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ContemporaryPhotoAlbum.potx.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.Native.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Cng.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nl.pak.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-80.png.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.ReaderWriter.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Configuration.ConfigurationManager.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_1.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow Orange.xml.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ul-oob.xrm-ms.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ppd.xrm-ms.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.Edm.NetFX35.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-time-l1-1-0.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationTypes.resources.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ppd.xrm-ms.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-phn.xrm-ms.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\SUCTION.WAV.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\Xusage.txt.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\jpeg_fx.md.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-phn.xrm-ms.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Design.resources.dll.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHKEY.DAT.tmp	a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a7d72d08689ba1701dda70eee0482cd0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4356,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=4428 /prefetch:8
1⤵
PID:3672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

Filesize
113KB

MD5
a23be29e0a1e17d56bbc1d5f7e043ac5

SHA1
4a06b43484cd78501496cf4841f2efcc4cca05d9

SHA256
405aecf8dfac305077522f1041e10860c1274526ece5642b5af52d1e746d4564

SHA512
09d365be47dab41d9189bfa22c80a8c0903010b8045877884f2a907a6904a8d058dc4f4faa082b3a9560973debc2f532bead74b0bde465aec717164233f27bcc

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
225KB

MD5
6dadb9dc1d817a55fd377d0ffd07d655

SHA1
8baf4fd5184b924031635bceeb639273752a05d8

SHA256
507366fae531c3413212b830b4657c97189844888e1e1ba2871aa1fa9f816364

SHA512
3241e9d45494550c33c9d0b4652ddc562f4ba274e34993362c9b7a757687d9b4d4cc88e15894f7183bf1af6c1e67a5dd9aa3100347979654b200c16a508542e9

Download Submit
memory/2588-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2588-1090-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads