4bc1aa1a18d70791e632cf296d6cdead0a2373409f4abc7e48adad37dc5c8861

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 12:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
Size

205KB
MD5

44075fbb7410ce1e6719d622e1659750
SHA1

2b8cc69871fce527d1a0e5d1380608e322d62bef
SHA256

4bc1aa1a18d70791e632cf296d6cdead0a2373409f4abc7e48adad37dc5c8861
SHA512

9d7a0fab9447c762d666ad91139d4ae75322dd1300dcfdb500d1c1401cee91b9965545db96cfcadcac47d72b1d06e1b1e19dae39d017c4721baac84d90d794d0
SSDEEP

3072:enaym3AIuZAIuYSMjoqtMHfhfJ6W2QZwKS76D:wHm3AIuZAIuDMVtM/L2ZKS7u

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4133) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4408-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0006000000023278-2.dat	upx
behavioral2/files/0x0009000000022975-6.dat	upx
behavioral2/memory/4408-1416-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClientSideProviders.resources.dll.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\centered.dotx.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeWord.nrr.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-heap-l1-1-0.dll.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\javafx_iio.dll.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ppd.xrm-ms.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash.gif.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationProvider.resources.dll.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-pl.xrm-ms.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsFormsIntegration.resources.dll.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClientSideProviders.resources.dll.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Resources.Extensions.dll.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul-oob.xrm-ms.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_M365_eula.txt.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.NonGeneric.dll.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.JavaScript.dll.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Xaml.resources.dll.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ppd.xrm-ms.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-pl.xrm-ms.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.ServicePoint.dll.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-pl.xrm-ms.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ppd.xrm-ms.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationUI.resources.dll.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ul-oob.xrm-ms.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ppd.xrm-ms.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalDemoR_BypassTrial180-ppd.xrm-ms.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ORGCINTL.DLL.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\dotnet.exe.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Configuration.dll.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ul-oob.xrm-ms.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Algorithms.dll.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationCore.resources.dll.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\tzmappings.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ppd.xrm-ms.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ppd.xrm-ms.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\jvmti.h.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-oob.xrm-ms.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-oob.xrm-ms.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.Common.dll.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jaas_nt.dll.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ppd.xrm-ms.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.tmp	44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\44075fbb7410ce1e6719d622e1659750_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
205KB

MD5
f564c75fe69e5d30e160790e3fdecf1e

SHA1
0c03802c7fe681e183b1c27551bceb2af6fb2d0f

SHA256
25745641e199e4814a5336b2d57c4e1ecf02915fc11c2c011f1fa29ec78e533c

SHA512
3bac77fd94e5ab1a24f65069358abcb0d00f2abe1ce93e58f8f0b1dfe48c94dbebbbb313bf704d04cd1161ba129db5ee9cfdf999a57b0be64cc78a6bc3e75044

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
304KB

MD5
d3c5f536ef748961b54621a57229cb14

SHA1
63fe645e0edcb9e62ff8b2d935b404607442fd0e

SHA256
79441905fb24732e3d48f685a3f0fb2aa348935a1a2b5064047d54b794f6d0a2

SHA512
e12ed804bbd93a258e5a54b92f0fcaec3511b8d0b88a50012106730b21c18dc657c9fedf40fe1dfd7eddb9dc003a80983f10c543622ea09bab0729f6d3a00a66

Download Submit
memory/4408-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4408-1416-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads