fbb7630e7f17744ae8d7f2e16a8754f42cfee793410599f2264b577a9e6a84c2

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 19:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
Size

2.0MB
MD5

ca8621b1a98291894cae8cd89c420c00
SHA1

d63957c1b60952966a9459d188e0b03d540a9392
SHA256

fbb7630e7f17744ae8d7f2e16a8754f42cfee793410599f2264b577a9e6a84c2
SHA512

4569c5ea301c6470eb105a0abbd95f11d55dd91208a01fb7b0d8c8f5e67a9dd7a636980b6b1d7646c16fc7ad89a802e61aed94aa7d5bb983b111b96c546b48d8
SSDEEP

24576:IxJ+SZCzwWzmZLPRb4Rfc02ZF1NqeJslnIOGvRS2clZ7J24J9CE662+E/xeC99Qj:IKzwWCJR300WnITZS2+Zt/C04MECj

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (260) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2156-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x00070000000122cd-2.dat	upx
behavioral1/files/0x000200000001048b-6.dat	upx
behavioral1/memory/2156-142-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\desktop.ini.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp	ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ca8621b1a98291894cae8cd89c420c00_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
2.0MB

MD5
61fad34bf4500d180146c3e9c7c28acc

SHA1
689ba76b5dd6cbe8cb36e0c27f0bee14692e89d9

SHA256
d400971f3b75a794323e98fc2c293809b2760c582fec0d0e16eb2862eab6b2ac

SHA512
93104eda843f894c8a097580b7ed143405a460b1afdf767b28789e3cbb25a74644676cd57ee8fc538051107282765b53974a4ecfd5d07eb624aa5103ccf8ad1a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
2.0MB

MD5
0d38c7849ee00fd015ff54d0384a152b

SHA1
19f4d9366c7ec24614a53f00c04bca9fe63f7311

SHA256
074c388f40da3df914905ff40b28a796a42002575938b79e27ec3802c5b44c02

SHA512
e40e3f45de5901f834a5b198ce6cc3e01fcb51cf9cf25b20fed20ef233605aa85343943fab265d145fcede8274700b99f9b5e6bc15f13a15940a098182c23b64

Download Submit
memory/2156-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2156-142-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads