ba4180a66284ed4b612c6d6919aa8a13d293ffc78bd9cd0d30e5817900fe3b23

Analysis

max time kernel
150s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 01:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
Size

77KB
MD5

87e37b675ec11f62e23823bfaddcdcc0
SHA1

8ac14a95b1d4c8b5155ed2034297e2a39dd23a9c
SHA256

ba4180a66284ed4b612c6d6919aa8a13d293ffc78bd9cd0d30e5817900fe3b23
SHA512

92cc8b73941d9347654ec432104b58e82547a09ecf566b9b762f908d8007123a6b8b5cb3df2b025f877e9d54a0b1b3cd6acda9952e70815f355f68668b87c1cf
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8BGizN3:+nyiQSoKXzN3

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5028) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3088-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0009000000023297-2.dat	upx
behavioral2/files/0x000800000002296e-6.dat	upx
behavioral2/memory/3088-1782-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\server\jvm.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-ppd.xrm-ms.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-phn.xrm-ms.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClient.resources.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemCore.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsBase.resources.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYML.TTF.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKExcel.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-localization-l1-2-0.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jce.jar.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsBase.resources.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationProvider.resources.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Grunge Texture.eftx.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FilterModule.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Primitives.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ppd.xrm-ms.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-pl.xrm-ms.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime_eula.txt.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.bundle.map.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ppd.xrm-ms.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ppd.xrm-ms.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART14.BDR.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Metadata.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsFormsIntegration.resources.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsFormsIntegration.resources.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationUI.resources.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic-Palatino Linotype.xml.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Extensions\external_extensions.json.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\glass.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ul-oob.xrm-ms.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngcc.md.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-140.png.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msix.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.XDocument.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.CoreLib.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\classes.jsa.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ppd.xrm-ms.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.VisualBasic.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_200_percent.pak.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre8\lib\deployment.config.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ppd.xrm-ms.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotd.exe.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ul-oob.xrm-ms.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EntityPickerIntl.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-pl.xrm-ms.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Pipes.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fil.pak.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-oob.xrm-ms.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL097.XML.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationFramework.resources.dll.tmp	87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\87e37b675ec11f62e23823bfaddcdcc0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

Filesize
77KB

MD5
000634d4c7770df42fd45987a3e3ad86

SHA1
d097fddf12b5ff247731382005490af624d598ed

SHA256
5fd01caa582da7cc299747aeac6f104e186042be971857a0725c25e16ea79652

SHA512
8725d763c7c5288ec22e0c41e31a79bc374ca4464d258789a837834a201e4956e50e7c69e80ab9903dc0f85cb9ed87bf1ce1e54e93e206fe924f91dc59527a8a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
176KB

MD5
abb06bf9dd436d8f2e4daa62c5be37c8

SHA1
7add1c7508a993b7af5306303f9dccb20be376f1

SHA256
e93b03f6ed663111b0e9b38fe799ac377f9157c0fd2ddbd6fa94eb493037e79b

SHA512
9da46ec23c3b1240b7f4a5cadc0057df32c58e8c28bb6aea7bcfae7b3296691043e66079b24662ceb9f7350526e69fef9e13a458e5c22e066569de6ded8b60e1

Download Submit
memory/3088-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3088-1782-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads