4afe122215e9d7b11cb0a79ca5702cd1e0708d76d93709ad82c4c574003afc11

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 10:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
Size

219KB
MD5

ca65f7b631195d61c36f4209c8ef7e10
SHA1

5f7dbf287176c28b1f25b245ac142f97035edef1
SHA256

4afe122215e9d7b11cb0a79ca5702cd1e0708d76d93709ad82c4c574003afc11
SHA512

8e75d1d0eedf1a9186528d35fb81c780bdb9986e56e08db11f4754e3d35ba8f66ae8e412e2d6fbe2f0b10571c504b84102d384f1e698a16fbefe03ffb372524d
SSDEEP

3072:fnymCAIuZAIuYSMjoqtMHfhf2blfAIuZAIuYSMjoqtMHfhf2bl:KmCAIuZAIuDMVtM/OfAIuZAIuDMVtM/q

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (334) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1336-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0009000000014738-2.dat	upx
behavioral1/files/0x0002000000010481-6.dat	upx
behavioral1/memory/1336-68-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\rtstreamsink.ax.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\LICENSE.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ca65f7b631195d61c36f4209c8ef7e10_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
220KB

MD5
5fb21d0eb824a413b4e5e841a39c5cae

SHA1
a607fbad311c52bcccf6f78c4daece12f3750360

SHA256
2e0f4e8171f24a5a3c67285d3f623e0703b6275afd15b780118a03ef1c8580dc

SHA512
bbb33134606b3d2f9ec98ac4932503dda0225b1549ad29690d8fc214e23b652bcb38b4cafb9a916704c1d7aa17970b244f47f8fde552f4101475754104f7d51f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
229KB

MD5
667a2fb5ad088b18be94149b77b7153a

SHA1
b543fe720b23e5657702239f706c76d76fef835b

SHA256
723c8d1efe8dee05bf932b0a6e64b63f1583cb8b63eb8cd2b1cc9604e0324bd9

SHA512
3303be55393b30d7e843e04b8eafecb8bc9945df893b420eab7952144c3827556409e89cba0ddeecb417bf1a8c0ea07072fe181280be1e527f057cd316445c74

Download Submit
memory/1336-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1336-68-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads