bee629f89da58de6313ffc47be8dcb6501d42bfcda36240081194b6c90fc498e

Analysis

max time kernel
150s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16-05-2024 20:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
Size

128KB
MD5

248b51e281bc7d2a11a2bb8d9ae211d0
SHA1

467cd9b888c330ee8b4d1c38ea7cdfdb6558d452
SHA256

bee629f89da58de6313ffc47be8dcb6501d42bfcda36240081194b6c90fc498e
SHA512

18872b1563ef26e32ed08d560d04014d5ca62d6ce2e7bc1e5bd4d015e64dc88acd8a0d4291e5beaf4932b737f409353e885d66f505b2e3be36e7c9c9ec78d6dc
SSDEEP

1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSC0:+nymCAIuZAIuYSMjoqtMHfhfV

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4846) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3264-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000800000002343b-2.dat	upx
behavioral2/files/0x0007000000022959-6.dat	upx
behavioral2/memory/3264-1784-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-pl.xrm-ms.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-pl.xrm-ms.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul.xrm-ms.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Spatial.NetFX35.dll.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-locale-l1-1-0.dll.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClientSideProviders.resources.dll.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Primitives.resources.dll.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ppd.xrm-ms.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\centered.dotx.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-140.png.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore_amd64_amd64_6.0.2724.6912.dll.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jli.dll.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-oob.xrm-ms.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\net.properties.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-oob.xrm-ms.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-pl.xrm-ms.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ProviderShared.dll.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL075.XML.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrjit.dll.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ul-oob.xrm-ms.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ul-oob.xrm-ms.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\tzdb.dat.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\cs\msipc.dll.mui.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Threading.AccessControl.dll.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Calendars.dll.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\jvmticmlr.h.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\javaw.exe.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ppd.xrm-ms.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as80.xsl.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-80.png.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicelegant.dotx.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationNative_cor3.dll.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-ms.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-pl.xrm-ms.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.NetFX35.dll.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-80.png.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-localization-l1-2-0.dll.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.CodePages.dll.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationFramework.resources.dll.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\t2k.dll.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiBold.ttf.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-phn.xrm-ms.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Channels.dll.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Extensions.dll.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\ReachFramework.resources.dll.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationClient.resources.dll.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ul-oob.xrm-ms.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash_11-lic.gif.tmp	248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\248b51e281bc7d2a11a2bb8d9ae211d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

Filesize
129KB

MD5
43a85751c39938e6a58e4e679de7eb0d

SHA1
574e0bd1dff3e0af671ea53f5d35f07504ba336c

SHA256
082c67d435ffc2874522b68a1f888f8133ebd543bbefdb6677423362d11428fa

SHA512
3094120b6968a556cfb886c3994daea0915b6df1f5388018365ed5ffaa74bc18b64340a845f9879e1c6c20e5faa58108d95cd3b4d58e3f6f20bc663e69949d5c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
227KB

MD5
99f8d97cf8acf2c104d8b88cbbc19950

SHA1
c709d1825e389f38f165b23e6d84669d1b24ab39

SHA256
d4703338b4c7d48fbd5d589f71321b7e86a64e4a6d748d2ec80fd596774d516d

SHA512
720b32b1c35ec1eac9638537e0a0083e5a8d27c557ed4b20a9f9eebf4b2d37251e3310820fdfa754da6e811910ccbaa42b5c44684f07e6e2c1c6b8c57b249899

Download Submit
memory/3264-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3264-1784-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads