f9ebc0e0456639a8162ebc456668ec92bdeab3087e123509507205f7f028ea4f

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2024 19:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
Size

106KB
MD5

20b490955430ac6b23c15701503fe8d0
SHA1

2c5e5a03c33e904b75922e2418db3af8908a6c07
SHA256

f9ebc0e0456639a8162ebc456668ec92bdeab3087e123509507205f7f028ea4f
SHA512

740284b795934099dc9f0b4faadec90c498941a48018e2982f7b1296b83689fef2af6f02189952045f11c33f24293c5a2d76a90315c16435e60472bb87f8221d
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfRbs:hfAIuZAIuYSMjoqtMHfhfzuH

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4850) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5088-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x00070000000232a4-2.dat	upx
behavioral2/files/0x0008000000022996-7.dat	upx
behavioral2/memory/5088-912-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\jaas_nt.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-ppd.xrm-ms.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.Design.resources.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfxmedia.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ppd.xrm-ms.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ppd.xrm-ms.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Debug.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationUI.resources.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\psfontj2d.properties.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow.xml.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\Xusage.txt.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-phn.xrm-ms.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\en\LocalizedStrings.xml.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\cpprestsdk.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteNames.gpd.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_PrepidBypass-ul-oob.xrm-ms.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_en.dub.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationUI.resources.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationProvider.resources.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-oob.xrm-ms.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ppd.xrm-ms.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\javafx_iio.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-100.png.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-80.png.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-100.png.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Permissions.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\sound.properties.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL012.XML.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ul-oob.xrm-ms.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_F_COL.HXK.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Windows.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Primitives.resources.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\LICENSE.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-pl.xrm-ms.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Design.resources.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy.jar.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ppd.xrm-ms.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.ProtectedData.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsBase.resources.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-pl.xrm-ms.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-140.png.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140_1.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME.txt.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ppd.xrm-ms.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\PRIVATE_ODBC32.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Controls.Ribbon.resources.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ml.pak.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:5088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
107KB

MD5
6ee96c953c0ea49d4329a6927c2757cd

SHA1
9a8025e831ddebe170ab5424f49fe449816db3f9

SHA256
5b0af27244cf4238a6bd0eda1ef61ca80ca1eaed3385aebb73283de3a5f4415c

SHA512
0cc88f8474f8ef5265513930e16ffa64ea7ebe615e018b28c5a0ea4c2f009e6f46df2b1e0c71b867651f7e34b6f0db1c11ab918d1362f587f048539a9a4e43de

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
205KB

MD5
6758139ddbda5811b699334c1455350d

SHA1
fd881130b6e5f0308ebf9527a5e73e641ecf6d36

SHA256
3f82d3a7f71c3702aabd4b330cd019c0d86a7b3b0f991065728bd66c4ef26d78

SHA512
263be8d91d076fbf10b4c0ce67e8a50fa8c74513cf60672ae54859f8787ff5e138cef0655fce6b46a61a28cce478ca7d5709b19af4a400106c8feb45ee57ab10

Download Submit
memory/5088-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/5088-912-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads