0d984e87a34d76e77b7a12ccd7ed8b31af7c52b029c340929e7af6fc1f1e6899

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 00:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
Size

63KB
MD5

28f3c75c653b68e6802f761038b5f180
SHA1

b46b213056cee12ca58c8b0ae5d6680dea3085eb
SHA256

0d984e87a34d76e77b7a12ccd7ed8b31af7c52b029c340929e7af6fc1f1e6899
SHA512

c9dac0271d21437cdc7979538df4e12395692e63b5fb76187a142435880d4031f9c663d3d7bff96512cea312a50daeac62981fc36832fce88172728fba2f38b6
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8Q:fnyiQSon

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5194) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1672-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000700000002328e-2.dat	upx
behavioral2/files/0x0008000000022970-6.dat	upx
behavioral2/memory/1672-1948-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClient.resources.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\jaccess.jar.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.Edm.NetFX35.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSVG.DLL.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MSJH.TTC.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\bcel.md.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\access-bridge-64.jar.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_core.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.bundle.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ppd.xrm-ms.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ppd.xrm-ms.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-pl.xrm-ms.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l1-2-0.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013bw.dotx.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationClient.resources.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\content-types.properties.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul.xrm-ms.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-pl.xrm-ms.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ORGCHART.CHM.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Xaml.resources.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Primitives.resources.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ppd.xrm-ms.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-1-0.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-ppd.xrm-ms.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ul-phn.xrm-ms.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-pl.xrm-ms.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-phn.xrm-ms.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\CHICAGO.XSL.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.ServicePoint.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsFormsIntegration.resources.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.AccessControl.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ul-oob.xrm-ms.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Microsoft.Office.PolicyTips.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\officestoragehost.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Design.resources.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcp120.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Xml.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Xaml.resources.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ppd.xrm-ms.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Packaging.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.TypeConverter.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-1-0.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libffi.md.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jopt-simple.md.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\powerview.x-none.msi.16.x-none.boot.tree.dat.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.CodePages.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClient.resources.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationTypes.resources.dll.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ppd.xrm-ms.tmp	28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\28f3c75c653b68e6802f761038b5f180_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
63KB

MD5
b4fe4ae939ca3305ab20adbf318855d1

SHA1
8a4f7511b09d7aed2309232f9a15bae289a30251

SHA256
d0be9d5d87f7ec8505bbb5855c615fc44c4c70eee4da075438f0250af387a932

SHA512
3d08980cc11d2bb8ec1bc1acea0f9d55031c51041f640d7664dbbc881ac2a6dc030c9edbea5bf7bd5004ef1d9c4e082e8dbe3daf2ce65c20ed831054add495d9

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
162KB

MD5
bf4b3912a08629e72a4dec7a63186d3c

SHA1
80916587bdadbb512f6d00ad9d2a67cff17d0f9b

SHA256
faa19d4bdfca6aa1c9bc58eca3ede44c4b8a529fbb729541f7eec001763f66a8

SHA512
cdfb7f4ca6068d85a0669297cb0816501c88c63d04abdf812e8184132fe282c3845318f0c3d7587bcb8c448e27f7c6256cadf07e1bf6e73b9186e76174f31702

Download Submit
memory/1672-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1672-1948-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads