dd35ec954d3e3588e9a22a4386a9e397c34025a057c1d1ef1c7e98ef88e58601

Analysis

max time kernel
152s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 22:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
Size

63KB
MD5

23eb41df4ad8225c8fca5f15567e3050
SHA1

a3cfccd01e8f6fe4c8b243319488cac5b2038183
SHA256

dd35ec954d3e3588e9a22a4386a9e397c34025a057c1d1ef1c7e98ef88e58601
SHA512

8c89cc98541e59fd716e07d5ad7476bb6cd7b09ebb9895f189d3b2346f0961d97399c8b81c65e57e95720eab0e8935a7bd196a3bd3cd80bd922e914c261c0a13
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8hcj:fnyiQSoGcj

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (1150) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3708-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0008000000023247-2.dat	upx
behavioral2/files/0x000400000001d8b2-6.dat	upx
behavioral2/memory/3708-300-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.Debug.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Text.Encoding.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationUI.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.FileVersionInfo.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.WebSockets.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\System.Windows.Input.Manipulations.resources.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\WindowsFormsIntegration.resources.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebProxy.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Emit.Lightweight.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\createdump.exe.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.InteropServices.JavaScript.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ServiceModel.Web.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Royale.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Forms.Design.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.Serialization.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Windows.Input.Manipulations.resources.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\WindowsFormsIntegration.resources.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\PresentationFramework.resources.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Text.RegularExpressions.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.Tools.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Metadata.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\ReachFramework.resources.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Serialization.Xml.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tpcps.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\mscorlib.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Emit.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Overlapped.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\System.Windows.Forms.Design.resources.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\PresentationUI.resources.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\UIAutomationTypes.resources.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\ReachFramework.resources.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\UIAutomationTypes.resources.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\mscordaccore_amd64_amd64_6.0.2523.51912.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Resources.ResourceManager.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.AccessControl.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-environment-l1-1-0.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\clrgc.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\System.Windows.Forms.resources.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\host\fxr\8.0.0\hostfxr.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Text.Encodings.Web.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\ReachFramework.resources.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\PresentationCore.resources.dll.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\23eb41df4ad8225c8fca5f15567e3050_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4064 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
1⤵
PID:716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
64KB

MD5
887f4ba6fe5ea6dd6bbd8d30d384c6ab

SHA1
4f190fa15dc4abeb7475379c126f5d8276b3cf1b

SHA256
fce81ec62f572bf11d6367a68dcf35da5710727fef53282efbc95d417a0b6ad6

SHA512
fcd571e7999b859a252a175d9ddaf1d5db2a3e9865e4fdfa83624f78f4951ee2293b805e2e99971651028117a5ac402ab437f10ad78b8d9f0baf79f481d333dc

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
63KB

MD5
bbc1ff04f3b8d368fc15634130effb90

SHA1
e2481b2d9272affdc50587248e7c9f3d7c0b045f

SHA256
a57f0c4a446eefa2f1fa9673bd0f6787460a6db1598050c74f8eadab1806a1ac

SHA512
bb484ba3f254c3635179c050ac690d27f8285ae621d0638e29b0b15f20437713446ec9f66b4999f8610afeaefcfa44f660fbd65a33faec8b77c5ed5dbb2c0d09

Download Submit
memory/3708-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3708-300-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads