20e35c1a6e28e21d43673a776d97d1cd5cb7c308e89bee55a60ccb12d02f1b6d

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 00:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
Size

156KB
MD5

63f03ed109174c325c08e85940e22a90
SHA1

f47661dd8737b407f7ac7038bf0e62f80e67238b
SHA256

20e35c1a6e28e21d43673a776d97d1cd5cb7c308e89bee55a60ccb12d02f1b6d
SHA512

cdf3f5634b2429ebd12517426b5c7fe93f6626d072c2e4a06e09033193be9d93cc87a47803d7e85f725515f60878a6f417f0a3b7cc9fb9c311f6ef5be9964f2b
SSDEEP

3072:KQSo1EZGtKgZGtK/PgtU1wAIuZAIuXwFwtdd:KQSo1EZGtKgZGtK/CAIuZAIut

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4843) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1892-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x000500000002328f-2.dat	upx
behavioral2/files/0x0008000000022970-6.dat	upx
behavioral2/memory/1892-908-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.dll.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-phn.xrm-ms.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.AdHoc.Shell.Bootstrapper.xap.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationUI.resources.dll.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\ODBCMESSAGES.XML.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL107.XML.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClient.resources.dll.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-pl.xrm-ms.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationProvider.dll.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OART.DLL.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\WindowsBase.dll.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-oob.xrm-ms.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CLVIEW.EXE.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmid.exe.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsBase.resources.dll.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationCore.resources.dll.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\xjc.exe.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\ecc.md.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ppd.xrm-ms.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\unpack.dll.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ul-oob.xrm-ms.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ppd.xrm-ms.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WWINTL.DLL.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\jvm.dll.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-pl.xrm-ms.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClient.resources.dll.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationFramework.resources.dll.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.tlb.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.AccessControl.dll.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.dll.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.resources.dll.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul.xrm-ms.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-phn.xrm-ms.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsBase.resources.dll.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\mesa3d.md.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ul-oob.xrm-ms.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaws.exe.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JAWTAccessBridge-64.dll.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\localedata.jar.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.HttpListener.dll.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClientSideProviders.resources.dll.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\Xusage.txt.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MINSBROAMINGPROXY.DLL.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN102.XML.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdb.exe.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-phn.xrm-ms.tmp	63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\63f03ed109174c325c08e85940e22a90_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
156KB

MD5
b4734aedb4b781593014e604b4c27034

SHA1
0cfddb206d16b4024ee4f03a323095bd5491af8e

SHA256
cf9a16a42df2093714be067e300921999c91db6775867fa25eb9125b013b6b90

SHA512
3b218f87ac9dc49734c6bb8e3df4bb589c30b5d6a82b1a9c331291d6f897c15fa124378226adf7607d33307d79c9c39ae7aa4493afea42b8634efcf59a564d0d

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
255KB

MD5
f5fa2b66f9c19a7036b7682cf049b121

SHA1
7af3fbe606661e89aef65a22c94ce5e9067d7f2b

SHA256
66ca4c8fcb742a93f9cec213744f79af164a35bea487caf71778ca883183ae77

SHA512
27271f0cd7f711febf0ddfb87c870a057914afacadc8a8f0e968a36a80f77c0108baf886d19273570f28e71d84c9829108e7ce8b4d56ab73922d389b58a16ed6

Download Submit
memory/1892-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1892-908-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads