073298d584e950071b4c828748f6e710b7a4f58f56e22a6ca9fe69a2ff0320b7

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 02:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
Size

47KB
MD5

73e9736675673bd03d031e1ab0f432b0
SHA1

6f853bf049dec4ae02500cbabd49f2a3878a67bf
SHA256

073298d584e950071b4c828748f6e710b7a4f58f56e22a6ca9fe69a2ff0320b7
SHA512

85aee2842ddb61e432103ae09d2e0445c29b9406b88cc256fca1f2f4e276b1a1f2de1079aa43522e795938fcd7c50b00157a0dd3f9fa877d62d0d658b94f2a8f
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFz7:CTWn1++PJHJXA/OsIZfzc3/Q8zOU

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5181) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/968-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x000a0000000233ea-2.dat	upx
behavioral2/files/0x0009000000022979-6.dat	upx
behavioral2/memory/968-1090-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\lv.pak.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-phn.xrm-ms.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoutilstat.etw.man.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OARTODF.DLL.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\management-agent.jar.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-pl.xrm-ms.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-140.png.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ul-oob.xrm-ms.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\osmuxmui.msi.16.en-us.boot.tree.dat.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceModel.Web.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.Design.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jawt.lib.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-ppd.xrm-ms.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul.xrm-ms.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-140.png.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sl\msipc.dll.mui.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.FileVersionInfo.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Xaml.resources.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\openssl64.dlla.manifest.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.HttpUtility.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Design.resources.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationProvider.resources.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-oob.xrm-ms.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART3.BDR.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CT_ROOTS.XML.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Custom.propdesc.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSPPT.OLB.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\WindowsBase.resources.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\gu.pak.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ul-oob.xrm-ms.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office.xrm-ms.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatching.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\.version.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\WindowsFormsIntegration.resources.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\InstallRestart.cab.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXT.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.TransformDataByExample.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsFormsIntegration.resources.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Printing.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xmlresolver.md.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Forms.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.runtimeconfig.json.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationUI.resources.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nl.pak.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\java.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\servertool.exe.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_PrepidBypass-ul-oob.xrm-ms.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebClient.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.resources.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
47KB

MD5
9027d719bf00b6ecc28a9f2e4384a8b9

SHA1
b6227b6931dfc17d757f65ce33131c68b9dd0ed1

SHA256
ebd3fbf326c617afc4902d3164e159c6c482a93e161b6d3dfbfcbd7810ac2098

SHA512
712fbee26ff49f1546120f75f34c5472f7423e79e7e8c0bb2b3196c9902033a110ac9ec074b9a36d7f83060b846f57fe32528500cd475d049155e99c90ef9d82

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
146KB

MD5
20161951ecf6405237a00de2b04d8fb2

SHA1
92131ab6f14e98b27292e70bcd8f479a96435a43

SHA256
cf3d1c48b66dd0689c1b0eabb2bec74231032f2a0969096b341adec577498bfc

SHA512
895e9e352f1a5672d3222791a8672f25f6e5d61f585349cff138978398d8060999fc35aaa701e2873c4c8b3d923ce81749c7253f66160db0974ef5c6378866d3

Download Submit
memory/968-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/968-1090-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads