1b822c4e2d74b889963fc6b92fad2afedafe68fbbd7c3a125b38eac179b84b00

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2024 23:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
Size

54KB
MD5

2698cc9509c2394f6344f6e3ff02bc40
SHA1

c473a7303fbc0e715f6d233490aa603c742ba86d
SHA256

1b822c4e2d74b889963fc6b92fad2afedafe68fbbd7c3a125b38eac179b84b00
SHA512

702e1f0007aa5723fe4d9d3d81b4e53ff00cf9502816a646a2e8369163700c90707d88af945262d9133e63e377144814ee449e56a56f76012621ebec3d156d35
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFFg:CTWn1++PJHJXA/OsIZfzc3/Q8yiE

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5043) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/528-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x0008000000022f51-2.dat	upx
behavioral2/files/0x0009000000022979-6.dat	upx
behavioral2/memory/528-1006-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sunec.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\lcms.md.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\psfontj2d.properties.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ul-oob.xrm-ms.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-pl.xrm-ms.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.XLA.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-100.png.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Mail.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHAKRACORE.DLL.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationCore.resources.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sr.pak.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsyml.ttf.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Default.dotx.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Windows.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.DriveInfo.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ppd.xrm-ms.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\klist.exe.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tools.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\j2pcsc.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion Boardroom.thmx.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-pl.xrm-ms.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-pl.xrm-ms.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ppd.xrm-ms.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-phn.xrm-ms.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-oob.xrm-ms.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-phn.xrm-ms.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.AccessControl.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Ping.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\trusted.libraries.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\awt.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\asm.md.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul-oob.xrm-ms.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ppd.xrm-ms.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-phn.xrm-ms.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\TITLE.XSL.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\TURABIAN.XSL.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Design.resources.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsFormsIntegration.resources.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\es-ES\ieinstal.exe.mui.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NameResolution.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-timezone-l1-1-0.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ul-oob.xrm-ms.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.XML.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicudt53_64.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\w2k_lsa_auth.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-pl.xrm-ms.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ppd.xrm-ms.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_F_COL.HXK.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceProcess.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\msquic.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
55KB

MD5
a0962af1a17074847e5a64e2c3ad7fe3

SHA1
be707ddf6200d6e476dd35891ac73ea8160c49de

SHA256
244f0da934ad3e723fb113fdc11d2cfc93d4a946c9d92d8e44bfd8b208557129

SHA512
c2c23748cf07005493cb1a9c566a38cf03fb3aaf7efc4876ca69edc20f29affaa3f0b0494327dcf831b2830af18ac255ba8f8a6a760f4baf7424b1bc7c5fbc01

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
153KB

MD5
22227f244bf33d7b893f31343e846a57

SHA1
4bd66bf597f0335e03f53e90ca713a68b8d1ecc3

SHA256
5085238e51e0cb9a2452ff481b3a7846a4832c30ddbef3d99926083bac969c37

SHA512
77f89ba9c936ed04046574771c4cbcf16a7f9121460ad9a8bdb3551695e2b43fa1c10d8667b4af10b31a99fd0591a095caea100e87e7fb32eba731c7995c5ab0

Download Submit
memory/528-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/528-1006-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads