99fd5b7cdaa670b9db2bd7f03e0173b90955995d632a021497f9a6003c2718a1

Analysis

max time kernel
150s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 12:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
Size

97KB
MD5

89939cee4f573d56f576fce158acd310
SHA1

69c2c0a225ea30b1c4615a33d4d1fb89ece61d76
SHA256

99fd5b7cdaa670b9db2bd7f03e0173b90955995d632a021497f9a6003c2718a1
SHA512

568519524c68a23532a07b15b6e739cd615a376050f740733aef4d47a5df48465a99deaae9f00fcb72c5f65f1b47eb52cb8146b5063b7efa5169578636be6af8
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfb:hfAIuZAIuYSMjoqtMHfhfb

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5020) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2848-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x000a0000000233c2-2.dat	upx
behavioral2/files/0x000800000002296e-6.dat	upx
behavioral2/memory/2848-1064-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Channels.dll.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSWORD.OLB.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationUI.resources.dll.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JavaAccessBridge-64.dll.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-oob.xrm-ms.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-phn.xrm-ms.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.dll.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebProxy.dll.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ppd.xrm-ms.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.TLB.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\.version.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.resources.dll.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ppd.xrm-ms.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS0009.dll.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\access-bridge-64.jar.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jopt-simple.md.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\REFEDIT.DLL.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Primitives.resources.dll.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.dll.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-phn.xrm-ms.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ppd.xrm-ms.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PPINTL.DLL.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.dll.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClient.resources.dll.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ul-oob.xrm-ms.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-pl.xrm-ms.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Parallel.dll.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\wxpr.dll.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS000A.dll.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\javacpl.cpl.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\MEIPreload\manifest.json.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ppd.xrm-ms.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\INTLDATE.DLL.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.Primitives.resources.dll.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationUI.resources.dll.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\eula.dll.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\Client2019_eula.txt.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN044.XML.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\msquic.dll.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\libpng.md.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Input.Manipulations.resources.dll.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ppd.xrm-ms.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul-oob.xrm-ms.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-heap-l1-1-0.dll.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrgc.dll.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ppd.xrm-ms.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL001.XML.tmp	89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\89939cee4f573d56f576fce158acd310_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

Filesize
97KB

MD5
93217994511884a53a67586f5fd1d095

SHA1
9b7c198867907b8e512b3badf406c083cc9fc3b4

SHA256
748986bdee80714b4b653586baebd3c6213c8f1961a72a272fa4bf5846fabf22

SHA512
a9d631603341750cb1512482c3c80f51d93a9fe2dfaf67f7c01ecde5336ba412dd3b3ef11eac2e9060bd5737000384c0ee3e4345c4a333a4c8eb89ef459adb51

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
196KB

MD5
087c65972df7304b4205e26cc6ad8990

SHA1
0739529c21b521cf59bb52f8aeedd77211297990

SHA256
e2bca70467dbe95ad08393008eb0739905f017fae15d3db771e7c3c5bc017954

SHA512
27cca8df934dcf25bb68caa8bcaa452425ce47d3fc1fa4f965a34a140678bd67cbe1714cd61dc221e5cfe9f4c73ee3d41efcd0486658017b6aceb2a243e6004c

Download Submit
memory/2848-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2848-1064-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads