e412c8e84be52a66167ccee26462086422cb1c7acedc20fd3fd881032808c038

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
Size

103KB
MD5

dd4746d96f9490feee2f722aebb81ac0
SHA1

f3148a7e0f1a97bbd1218bd962ff7673a1462785
SHA256

e412c8e84be52a66167ccee26462086422cb1c7acedc20fd3fd881032808c038
SHA512

3ea4e9c25e218e76580e57f2c9fd015fb98ccc150f75bbe337722c002b5f631f9772a3b53f1b91533364c42d174767b2c122cd534029c1013012d44275fde2a1
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfRbg:hfAIuZAIuYSMjoqtMHfhf6

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4724) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3392-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x00070000000232a4-2.dat	upx
behavioral2/files/0x0008000000022996-6.dat	upx
behavioral2/memory/3392-932-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\hu.pak.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\COIN.WAV.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ul-oob.xrm-ms.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-oob.xrm-ms.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\otkloadr_x64.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationTypes.resources.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\mfc140u.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Reflection.eftx.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ppd.xrm-ms.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-pl.xrm-ms.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\ReachFramework.resources.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ul-oob.xrm-ms.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ppd.xrm-ms.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSSRINTL.DLL.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE.POTX.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Buffers.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Controls.Ribbon.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationProvider.resources.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ppd.xrm-ms.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hr\msipc.dll.mui.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.CodePages.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Common.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\bci.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ul-phn.xrm-ms.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSBARCODE.DLL.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Parallel.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\ReachFramework.resources.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ppd.xrm-ms.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ul-oob.xrm-ms.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Xaml.resources.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKExcel.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.TypeExtensions.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\joni.md.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPP.HTM.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-pl.xrm-ms.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul.xrm-ms.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WWINTL.DLL.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.Unsafe.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer_eula.txt.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Spatial.NetFX35.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsBase.resources.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\ReachFramework.resources.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Xml.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\WindowsBase.resources.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\ReachFramework.resources.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\javaws.policy.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-pl.xrm-ms.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-phn.xrm-ms.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClient.resources.dll.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunmscapi.jar.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-pl.xrm-ms.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp	dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\dd4746d96f9490feee2f722aebb81ac0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
104KB

MD5
b1d28e1104cba2ae0f64d502e14162b4

SHA1
bf681da1cef1e615b669c114cd8f221414884f21

SHA256
01011085e29170c4c400b921051b165aa63328385d8be21d49104f29cb31255f

SHA512
e456462ccae7c852f5cb75ca83565ea41185d29fee75dfaafcbc6a897f105f2f2d30acd6ad61945da051226edb50b83dddc20b3fc499fb2f8cee51c098865203

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
202KB

MD5
8d8e5d24e97a1757dff7c9a43abc55b0

SHA1
97d62c8e77e5786231a7bd078d1128d67f2d0fda

SHA256
f4a0a3f5db98edb07dfd1c17de0111d4c25f5e31a39129ee83821f0ae1924f56

SHA512
1955fb747bc8cf8eac9da8ceb605f54195b63e14210147c45a123914b25076790c493aeaeac4b7cb169dd0c8721054bb16d52344b8f86a9d37ed5b0b701b74c4

Download Submit
memory/3392-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3392-932-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads