010b58f8f19150a348a36456a26e27c300084b1b0fb3988388da953115670b9e

Analysis

max time kernel
149s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 12:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
Size

203KB
MD5

54b63a31191d0febcf7c20715090e060
SHA1

6fa6cedccc12b3d2b1067dfa4901796c447dd7d1
SHA256

010b58f8f19150a348a36456a26e27c300084b1b0fb3988388da953115670b9e
SHA512

a5321a39077d51b3658c2f1cf13028cce1fe52f2a8d3c32a2bdd69bd2fbad7e14de508f4655bfb46f39244bdf1b6af4eeff23a430e64d5f63091850ad7786c43
SSDEEP

3072:enaym3AIuZAIuYSMjoqtMHfhfJ6W2QZwKS7H:wHm3AIuZAIuDMVtM/L2ZKS7H

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4666) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4652-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000a000000023423-2.dat	upx
behavioral2/files/0x0007000000022959-6.dat	upx
behavioral2/memory/4652-1604-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\readme.txt.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-1-0.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\dt_shmem.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ppd.xrm-ms.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-pl.xrm-ms.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsym.ttf.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCOMMON.DLL.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ppd.xrm-ms.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-phn.xrm-ms.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Primitives.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\de.pak.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationProvider.resources.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Classic.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\public_suffix.md.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebHeaderCollection.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.Design.resources.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsBase.resources.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\zip.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sr.pak.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\vi.pak.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\[email protected]	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\netstandard.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\wsdetect.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jopt-simple.md.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-pl.xrm-ms.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLEX.DAT.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebHeaderCollection.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClient.resources.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\javacpl.exe.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l1-2-0.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Registry.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.resources.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\it.pak.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\dnsns.jar.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.DiaSymReader.Native.amd64.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationClient.resources.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\el.pak.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fontconfig.properties.src.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-root-bridge-test.xrm-ms.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-pl.xrm-ms.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Layout.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-180.png.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemData.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\Logo.png.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ppd.xrm-ms.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-pl.xrm-ms.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Input.Manipulations.resources.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOUC.EXE.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ul-phn.xrm-ms.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ul-oob.xrm-ms.tmp	54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\54b63a31191d0febcf7c20715090e060_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

Filesize
203KB

MD5
f56fa4fdc5333aa8c06d61f43d10b8d7

SHA1
96f796d1767c08cf39089aad037d5850997ca0e8

SHA256
0b00626899b593bc53e465f2ebc6a8370578075f88e4c5037d7e2a37b6cfd37d

SHA512
5d76e6bb6d951721741593b6df1c6be61a6013806a4c2b8b0254dfdd1afa545272479cc0c6add592b0f4697bfab5c9587675cb4685565eb2e717b9b9889b95af

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
302KB

MD5
e1c02f3269c761cc4bba479b1dd6f13e

SHA1
b1422ef2454e307b2610bd5f810df189b5d8bf5f

SHA256
fe228419adaa50f8d46f432b45356990e257c2da03007e542d378c9738011cd3

SHA512
61f2d37c1aae7fed9cc5d527c0f934507040405649efd9a29b2cb4975b24115b32ff026ccadf4f8a3bd6a888db7a76643f3d01e03a217993bb819e265e86e535

Download Submit
memory/4652-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4652-1604-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads