1bb37480d5d0ee89c74a4c6993bb5b6826a510635e8bfb235c672af567aed0a1

Analysis

max time kernel
150s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 14:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
Size

149KB
MD5

d6e0e2ba4b1a69feba576c3d55a5deb0
SHA1

5a4414fc7ac0feebf3c42aa6086b67d0b436f834
SHA256

1bb37480d5d0ee89c74a4c6993bb5b6826a510635e8bfb235c672af567aed0a1
SHA512

f3165f6a39b827ff55242a676f8346f35087d628cb436e58092e51b85a2dd2e7c8ef49ea4ca1757e7cd9b9a78c01bd3557ece5687bd08b19c5752868c9f79cf5
SSDEEP

1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCD:+nymCAIuZAIuYSMjoqtMHfhfqnx

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4834) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5076-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000900000002328e-2.dat	upx
behavioral2/files/0x0008000000022970-6.dat	upx
behavioral2/memory/5076-1734-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-pl.xrm-ms.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\dbgshim.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSYNC.EXE.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationFramework.resources.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ul-oob.xrm-ms.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ul-oob.xrm-ms.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ppd.xrm-ms.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebClient.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Channels.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-ppd.xrm-ms.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ppd.xrm-ms.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-80.png.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\micaut.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\ReachFramework.resources.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ja.pak.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL120.XML.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL011.XML.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.XDocument.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\WindowsBase.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.TypeExtensions.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.Linq.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\tools.jar.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-pl.xrm-ms.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationCore.resources.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\unicode.md.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-environment-l1-1-0.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Principal.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Printing.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CLICK.WAV.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL111.XML.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.HostIntegration.Connectors.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsFormsIntegration.resources.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\jpeg_fx.md.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-phn.xrm-ms.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-phn.xrm-ms.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\STSLISTI.DLL.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\ReachFramework.resources.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.js.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Parallel.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\ReachFramework.resources.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationTypes.resources.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationTypes.dll.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\msjet.xsl.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d6e0e2ba4b1a69feba576c3d55a5deb0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:5076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
149KB

MD5
53d2d1fe41bbdbcd5daa3ce7c528b131

SHA1
a49cf775e0dc20f60852240c6469d0ec45a57872

SHA256
416f3c3586dba5b16d8fd572741c718713fc77b6672601544d7f18e62afb3fd1

SHA512
b86c2c0847664510863e5d35848e39cf6d1c9bc4af1267e80b219aef40731764f1d3fa10cc615924b6230ae34a347d83ffedb92624b29be87441ab1cecea6e31

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
248KB

MD5
2f287fdc148bb44a993eb67c731982b3

SHA1
5e819d1ab787995d906e079360d78d172348df2d

SHA256
54141a9ab496921c7fa93487dd76348899f3c06e02c13c8cd5511ca7a3f3734b

SHA512
646b261715b30f235c84dd62cd1f56b26913ee019045a0f30c1e4ff30b7337eb6916fcc24c33047716082b7f0bdbb90b74ea0027848d7f4eb77e6d8382139197

Download Submit
memory/5076-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/5076-1734-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads