6c813f90d55c4db0b2b4f868a156154976f21e5a7eabd88f6dc71aec25d56f68

Analysis

max time kernel
150s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 08:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
Size

74KB
MD5

3a298c535afa97cb6171380d6116e760
SHA1

37cebae17cfc577c56f59ff5765d40e631f296f4
SHA256

6c813f90d55c4db0b2b4f868a156154976f21e5a7eabd88f6dc71aec25d56f68
SHA512

e5d8091e0e9f443ef26f001889db155a7e8013b50cf3b9b4b5f4b826e8a94738e6623429a8a9ca48a8b3498bd130c6ef1b6a88a6a3678a2cb9d102d1ba990ce9
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8xJJMJJcLy:+nyiQSo7

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5033) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1440-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000600000002327c-2.dat	upx
behavioral2/files/0x000800000002295a-6.dat	upx
behavioral2/memory/1440-1794-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationUI.resources.dll.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\ReachFramework.resources.dll.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ul-oob.xrm-ms.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-oob.xrm-ms.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.COMMON.DLL.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.ServicePoint.dll.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Permissions.dll.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8EN.LEX.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.dll.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Buffers.dll.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoDev.png.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\libpng.md.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jce.jar.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\icu.md.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial.xml.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.Client.dll.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\index.win32.stats.json.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-pl.xrm-ms.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ExcelNaiveBayesCommandRanker.txt.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Handles.dll.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ul-oob.xrm-ms.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\APPLAUSE.WAV.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AugLoop\third-party-notices.txt.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-100.png.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsBase.resources.dll.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Royale.dll.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-localization-l1-2-0.dll.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\c2rpridslicensefiles_auto.xml.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_fr.dub.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.dll.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Registry.dll.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART4.BDR.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\localedata.jar.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-ms.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-pl.xrm-ms.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationCore.resources.dll.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green.xml.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ul-oob.xrm-ms.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\deploy.dll.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-oob.xrm-ms.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-0.dll.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.Design.resources.dll.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemData.dll.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\ThirdPartyNotices.txt.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSQRY32.CHM.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile.png.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7ES.DLL.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Channels.dll.tmp	3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3a298c535afa97cb6171380d6116e760_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp

Filesize
74KB

MD5
c7ca5922b4e431a8a35965f5d59c1500

SHA1
21667d68d7fbc72224cadb1b575a1ae76a5e1a3d

SHA256
f9e8641bd867e21ad8b62700185ad8f5cc5931bca80387b3c6e3e50051f0ab15

SHA512
d9645fdb37e8773c8d894c3e237ed7364021847cf150c9762b7eba809e70fd328380b4e50e6f5c14488dc90e6b690969353162733bda0ad558bc79f9b75f3c31

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
173KB

MD5
a8a23d9a70c0b73a4eb17d80665ddcae

SHA1
fd6a67870a6089dcebf9c1664e3a222fa77c278d

SHA256
ab79239572aaac36b14dcd8dc30a570f9adfa4d0136703db132a00c1922e2ee0

SHA512
ea404d66528d516e44adfbaae3a6b54fc3bf700fea3a8b59a31ef9c8be75f54290ef7c29346b6e964ac05c51ebc71afabe9eafa9368a4fcd19e8adda04ad244f

Download Submit
memory/1440-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1440-1794-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads