db96463a8ed6e9907156ac060e4e9c8c56f5bdfeb22523b0440f75ed0c4f4b7b

Analysis

max time kernel
149s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 12:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
Size

99KB
MD5

ebf5ef8e03a6b322fdc70807f1335f50
SHA1

226f4bba0805baf5e3ad5b1f6459f0f7a7ce3765
SHA256

db96463a8ed6e9907156ac060e4e9c8c56f5bdfeb22523b0440f75ed0c4f4b7b
SHA512

849f1511f2b820bb917a300e42fc20e68eb3b5a8188e09a86d9b31cf57fdec8113a955f05c2284d7f6cd89d22d6b72a823068e04c2888c42abb0cf26f1de9fed
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfm:hfAIuZAIuYSMjoqtMHfhfm

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4842) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3560-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x0008000000022f51-2.dat	upx
behavioral2/files/0x0009000000022979-6.dat	upx
behavioral2/memory/3560-1076-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ppd.xrm-ms.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCONTROL.DLL.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicuin53_64.dll.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion Boardroom.thmx.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.resources.dll.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_elf.dll.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.FileSystem.dll.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-ppd.xrm-ms.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-phn.xrm-ms.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-pl.xrm-ms.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul.xrm-ms.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.DataSetExtensions.dll.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART2.BDR.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Writer.dll.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ul-oob.xrm-ms.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.en-us.xml.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-pl.xrm-ms.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt\msipc.dll.mui.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Accessibility.dll.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ppd.xrm-ms.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\wsdetect.dll.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XPath.dll.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Classic.dll.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-phn.xrm-ms.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul.xrm-ms.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-180.png.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMK.TTF.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL086.XML.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\ReachFramework.resources.dll.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ppd.xrm-ms.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-locale-l1-1-0.dll.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Design.resources.dll.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ul-oob.xrm-ms.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-oob.xrm-ms.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.PowerBI.AdomdClient.dll.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msix.dll.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.runtimeconfig.json.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\PGOMESSAGES.XML.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsBase.resources.dll.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\dom.md.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\tzmappings.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-phn.xrm-ms.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebHeaderCollection.dll.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHART.DLL.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINDATAPROVIDER.DLL.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.Forms.dll.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Design.resources.dll.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-pl.xrm-ms.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul.xrm-ms.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXC.tmp	ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ebf5ef8e03a6b322fdc70807f1335f50_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
99KB

MD5
27129e33d2d3ec3359513da2f560a511

SHA1
17ae75cec223b5cae782634f6a4b22060a91ee6f

SHA256
77ae6cdb3de39cada8c310f93eaf850ae0f7295da7f109592d98c55e2cf8f536

SHA512
1e5f9be3cfa305eb0ee01783ffb68be68a1d60ca41c004ab560e9784caabcf65702f2190a2318ab1174d9abf3904800df510c4cf5ef09ec6e38199b716df8774

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
198KB

MD5
dc79922f45ba4152bd885756bf28ef01

SHA1
674676f0ff49ae72da8f41a06f6d1999366fa5d2

SHA256
5ac719dc77bd717bb5383a1e251499006a70a3b5634100175f35403762359536

SHA512
a0d711d2f204db8c3b1accd99e92cbb588929d62a5597b6b34f01f734b3936f25c1bd8344627ad9469979a1a89a776c7820796cd3483bc48d2007e098b684775

Download Submit
memory/3560-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3560-1076-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads