2e2eaf1cf52717b6574566023efd9c875532160942973fa3e720933c74617cd7

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 16:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
Size

117KB
MD5

e44cff39a72301b9c467bc6d5aa104a0
SHA1

0b6c23a001d85ce1c5b1f0afa4552238ab1985e0
SHA256

2e2eaf1cf52717b6574566023efd9c875532160942973fa3e720933c74617cd7
SHA512

c920eb7f5013b7b11922f864df69bf14df99411bf0728f5bbedcbf8c31bcadf80e4086762513cfc4d745cb197a7b87c5be94862e878a1a74f84cb831b82a392d
SSDEEP

3072:hfAIuZAIuYSMjoqtMHfhfkrVa5zYrVa5za:hfAIuZAIuDMVtM/4yCya

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4838) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2736-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x0006000000022f3c-2.dat	upx
behavioral2/files/0x000800000002296e-6.dat	upx
behavioral2/memory/2736-916-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\ReachFramework.resources.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationProvider.resources.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\mesa3d.md.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\FA000000008.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ppd.xrm-ms.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ppd.xrm-ms.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationProvider.resources.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\serialver.exe.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-ul-oob.xrm-ms.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-ms.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationTypes.resources.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Xaml.resources.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\resource.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Consolas-Verdana.xml.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ul-oob.xrm-ms.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Microsoft.Office.PolicyTips.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL102.XML.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Specialized.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ppd.xrm-ms.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-oob.xrm-ms.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Xaml.resources.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationProvider.resources.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_ja.properties.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Configuration.SString.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Formats.Tar.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\[email protected]	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet II.xml.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-pl.xrm-ms.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Controls.Ribbon.resources.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Violet.xml.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ul-oob.xrm-ms.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-pl.xrm-ms.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL.HXS.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSO.ACL.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.resources.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\EUROTOOL.XLAM.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-phn.xrm-ms.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationFramework.resources.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-pl.xrm-ms.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\YEAR.XSL.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DBGHELP.DLL.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL107.XML.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Primitives.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Primitives.resources.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote_win7.inf.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

Filesize
117KB

MD5
8840fd0c5417f42e2ed2d439daa89d9c

SHA1
8836c0d5875abdbf42a7c1d4fb1df6bcf28d2b31

SHA256
e16881d1e9fe609dc3768663382d174b823a7f385991f712cfd696967e3473bf

SHA512
8ab6659a5bd5ae2a9f75edc3614be31f1e578a0b6f488336440d3d4f13d591d2253896ab22c91d7c05fa5ff3d2f43fec03a8ad61400f04eff00c6ca010cd30a2

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
216KB

MD5
f319631842b0f6c89a77439e19953918

SHA1
50be28e9ee7951de0cf44bedbecefa58e47d957c

SHA256
fe1c785e6bd897928b0aa52ab834ad95a8a5d3a8dd96ab1009eed617475c953e

SHA512
c7effa3af47f2df2e8717194e5334d9541b48e5980c8b4e3c3aba74d78a374e44f6c4135680e0b3471179224a18c2992865e0d0a340cd88defd6bbfa4023a012

Download Submit
memory/2736-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2736-916-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads