1e92727ba99cafd0f658470e2b1a135311039c7e40f4c8e15aad9599d785f59b

Analysis

max time kernel
150s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 11:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
Size

45KB
MD5

c16471ae72f7b4e94933aa41cb6ab380
SHA1

2a86fa49133ff677609d77f897cabb99d254a3e7
SHA256

1e92727ba99cafd0f658470e2b1a135311039c7e40f4c8e15aad9599d785f59b
SHA512

d5cd0613287ef0d3394e734788a8d12441c8e37159bb207b77791a9dc74913595d18828e91d19b31ea77126c057c7b019a4a992b95a495e68892891b21e63dfa
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFQA:CTWn1++PJHJXA/OsIZfzc3/Q8Q8/8fTo

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5297) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2328-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x0008000000022f51-2.dat	upx
behavioral2/files/0x0009000000022979-6.dat	upx
behavioral2/memory/2328-1134-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer2019_eula.txt.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyLetter.dotx.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GOTHICB.TTF.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationProvider.resources.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoDev.png.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\public_suffix.md.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-pl.xrm-ms.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.Vectors.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\uk-UA\ieinstal.exe.mui.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jcup.md.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MTEXTRA.TTF.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Milk Glass.eftx.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-root.xrm-ms.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\hr.pak.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightRegular.ttf.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-140.png.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.Entry.Interfaces.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BOOKOSB.TTF.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Xml.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightRegular.ttf.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.bundle.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-math-l1-1-0.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f2\FA000000002.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsBase.resources.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\GRAY.pf.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Grace-ul-oob.xrm-ms.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-oob.xrm-ms.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Quic.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IGX.DLL.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\Welcome.html.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunec.jar.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.HostIntegration.Connectors.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7ES.LEX.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Configuration.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\j2pcsc.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryLetter.dotx.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieTextModel.bin.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-180.png.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\vi\msipc.dll.mui.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\wordmui.msi.16.en-us.tree.dat.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-datetime-l1-1-0.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ul-oob.xrm-ms.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-pl.xrm-ms.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
45KB

MD5
0db7e8e960902a8b88330e7b6133cfef

SHA1
3ecc1a74a26a35f475c91ea743fd37ba2ef1b4ec

SHA256
66d575ac1d88233939951c6fc9854e87be2e497607041c5a3615bb01639f0cab

SHA512
e0c67eda9aad3dbe8474d6ea6fca7234ed242e97f45fcbeced383309b8cb412357dbc79d5335b30284c6df64a2dc169ef40d4299d55d944ff6e09838d074f909

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
144KB

MD5
8cdea7666dc1b3a0473c2b6a6a7bb608

SHA1
9682ac580e834d7cf27808cb6fed4d04f50afb7f

SHA256
e9f9192a192032c662b16bfcb68893642f3785065de7a8dd93aaf3298ceb856c

SHA512
ed84dd542fc1a038fe712c6a197cd75daa5e5498ae947dde70d1a6168823575da134bc9e11f54964a365151c595e6b2d86a2ea964547bae9303ca2803fd2d1b1

Download Submit
memory/2328-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2328-1134-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads