735ba045a2d19e360323a7a34f97aeb7d8fadddc8f99057fdf0cc7914abe9d1c

Analysis

max time kernel
150s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-06-2024 11:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
Size

1.1MB
MD5

52d5cd572b25eba24a149afaae363d30
SHA1

e1cabcbf0c8c1ff445ac1d0a253cc0f8f494deb7
SHA256

735ba045a2d19e360323a7a34f97aeb7d8fadddc8f99057fdf0cc7914abe9d1c
SHA512

4f49e76abe8d795ad8e371dde4fa2b396efdbf2f9e4f272a12b45f5e94758ab0d62b80f72b5791e0a8f041060c21a1e8b5d5ae975cf39d11368165c8ab5c8637
SSDEEP

12288:IAIuZAIuOBgyO0kdH3B6yhiLzi+QqTHjfFANj0Ow3wU:NBgKaS3wU

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (1880) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4132-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0007000000023270-2.dat	upx
behavioral2/files/0x001d00000002292b-6.dat	upx
behavioral2/memory/4132-760-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-datetime-l1-1-0.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Channels.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationCore.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Threading.AccessControl.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\ReachFramework.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.ReaderWriter.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Input.Manipulations.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Luna.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Annotations.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebProxy.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.Vectors.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsBase.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\vcruntime140_cor3.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Ping.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Input.Manipulations.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClient.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationTypes.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationTypes.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClient.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Controls.Ribbon.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationTypes.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado60.tlb.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Serialization.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationUI.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClientSideProviders.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationFramework.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Xaml.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Input.Manipulations.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.ILGeneration.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClientSideProviders.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Xaml.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsBase.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-stdio-l1-1-0.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Algorithms.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.X509Certificates.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Xaml.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Expressions.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationProvider.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\DirectWriteForwarder.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceProcess.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsFormsIntegration.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationFramework.resources.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
1.1MB

MD5
c89fe6871424c295362c056458c6b057

SHA1
0e2065c258613fbab5cc74320367a5f6f1434cde

SHA256
89c397d95ccde6b379ee82faa59cb72547b46688645eb3f45ae3af9f6bcd4aad

SHA512
86bf4db7f724b1ffe38f94a2db3bfb3cda52682a6715bf3d57e0755b244853fc046e75c1761db1eee7d8755a08c8bc4835512c296dfa4c07ec4820bbf8e48652

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
1.2MB

MD5
c276e38722217c9b006fc8b20d55518f

SHA1
8eea2c4a1557b1a2d06e6e8b5dfbcd12b66e4189

SHA256
d5217ff3b9f651311814c355fbcf3f22d46cb5907ef4fc441d3de864c0e5c3bd

SHA512
e0623119bc61bd9068d4d48321967204fbf7cace9a40e96540ea437efe8d25d178804807cd6706ac2bb0fe457f301463219ca984d387335b8e2a19a4fa4d7e49

Download Submit
memory/4132-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4132-760-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads