8b6369e5e2cd6e56846c2e2166f79352c8451c48f34752140c9d44f628c57077

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
Size

43KB
MD5

84334597f7875ef7391eb3e74aa52ad0
SHA1

47ecc7bd306305abf9c46381c924a3f94b3e9367
SHA256

8b6369e5e2cd6e56846c2e2166f79352c8451c48f34752140c9d44f628c57077
SHA512

063187c77b14e0306bb378b8911504dc70cd4a7cacfd0c24470dc489abe6637eb2cd611c22bfa29401f7a4b107af3379c1a0adb3d48ae7e32df3025ea13278f4
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFQ4:CTWn1++PJHJXA/OsIZfzc3/Q8Q8/8v16

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5163) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3832-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x000700000002327d-2.dat	upx
behavioral2/files/0x000800000002294e-6.dat	upx
behavioral2/memory/3832-1110-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.DiaSymReader.Native.amd64.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IGX.DLL.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jpeg.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Configuration.ConfigurationManager.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\MEIPreload\preloaded_data.pb.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\vk_swiftshader.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\webkit.md.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Extensions.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Presentation.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClientSideProviders.resources.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-pl.xrm-ms.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ul.xrm-ms.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Practices.Unity.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-environment-l1-1-0.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN120.XML.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.RegularExpressions.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Reader.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\pack200.exe.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JavaAccessBridge-64.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ppd.xrm-ms.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-pl.xrm-ms.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul.xrm-ms.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PEOPLEDATAHANDLER.DLL.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-localization-l1-2-0.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFSHARED.DLL.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe.manifest.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Wordcnv.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-oob.xrm-ms.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL092.XML.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.MemoryMappedFiles.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Input.Manipulations.resources.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\content-types.properties.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-ul-oob.xrm-ms.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ppd.xrm-ms.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-phn.xrm-ms.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ul-oob.xrm-ms.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXC.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\dt_shmem.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMXB.TTF.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsoundds.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-pl.xrm-ms.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ORGCHART.CHM.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicstylish.dotx.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\vcruntime140_cor3.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ppd.xrm-ms.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-pl.xrm-ms.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ppd.xrm-ms.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationCore.resources.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationFramework.resources.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\lv.pak.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp

Filesize
44KB

MD5
08b335267737abe83ae1e1c4e6739b36

SHA1
9eb3dbad4df57760c08b7b7ba474234c72b9756b

SHA256
b6207a58025451a75ee3c3a44301e2d5864765fb3ef3be8de2e8c5f059e596f1

SHA512
3f3a6d8b56b3a18c987cc01ed4c07d4903ba2f90b83e6089368b83a960162ed5386708bc8cce44b328bdb03b7ea98bdaa1ee069fe1f7b9b42c5258925881c3e2

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
142KB

MD5
a090313ebdcf54b1706232ebdddc71a2

SHA1
543d5b7c4c7ed482fcb5e55cade1045b93998d19

SHA256
c6cf98c991c2bf0eb1f534466c333e5a539cac51dd49b89ecf42b5625329fd3f

SHA512
37dd4d663635829ef99cd98795246455b21a2255e401c592e4e81fce63058d96202f44e0dc2c55dc0e3207d3498752ea01cbae3b4e359baf0d84cb3ba990ebbc

Download Submit
memory/3832-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3832-1110-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads