e1cd4ad99356df692c85411ff19b9e43f44eddf56881f0cec4092782b9268c24

Analysis

max time kernel
150s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2024 00:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
Size

116KB
MD5

113b6d41cc1881d466c5cb241d34b960
SHA1

d01057d090da8f2c6878766e8e323e37dde9e4d4
SHA256

e1cd4ad99356df692c85411ff19b9e43f44eddf56881f0cec4092782b9268c24
SHA512

ee1a2555400484241041ed41a5464988b45468a7a5166746a30ac45f6996ee04980dd01ae0cab71eeb90fc4367cadd83c98cebf55374e00d628f3223faa28a97
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfliQ:hfAIuZAIuYSMjoqtMHfhflixiV

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4646) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3380-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x0008000000022f51-2.dat	upx
behavioral2/files/0x0009000000022979-6.dat	upx
behavioral2/memory/3380-796-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Input.Manipulations.resources.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.ZipFile.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ppd.xrm-ms.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.resources.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.Primitives.resources.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\de\msipc.dll.mui.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_K_COL.HXK.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 6.0.27 (x64).swidtag.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-memory-l1-1-0.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ppd.xrm-ms.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Grace-ppd.xrm-ms.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-oob.xrm-ms.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l2-1-0.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationFramework.resources.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul-oob.xrm-ms.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ul-oob.xrm-ms.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-pl.xrm-ms.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ppd.xrm-ms.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.Forms.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Xaml.resources.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Xml.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunec.jar.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-oob.xrm-ms.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCONTROL.DLL.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-180.png.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sk\msipc.dll.mui.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ppd.xrm-ms.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Debug.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ppd.xrm-ms.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Formats.Asn1.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogo.png.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\hive.xsl.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\1033\PowerPivotExcelClientAddIn.rll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jjs.exe.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ul-oob.xrm-ms.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ppd.xrm-ms.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.PerformanceCounter.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Loader.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-phn.xrm-ms.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\msquic.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RIntLoc.en-us.16.msi.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\113b6d41cc1881d466c5cb241d34b960_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
116KB

MD5
2c98f8d48da645c05461b6f08c931435

SHA1
70e25bb097af8c04b383e8bd2d66ee634b02c12d

SHA256
5ca1d52bc49f6c7f358f6ccfff15c76f8b5103e3e4bbd28d515750de02182912

SHA512
c1c7688e53fe29139ed99eb3ae992814cf23f666692cefb9b921215c9d43d41709a5efcbae4341ce1be652eb8c84f87a3585b4e10d7a5deed3da3171ccdc0af6

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
215KB

MD5
a8ad7c9dc4cc136765b5122fbec58f99

SHA1
fdc69545bfa77d1c008f9a119c5b6979ad6b85a3

SHA256
3281d7917d0a50c97961f1487382b705e0756332686c89565e104ea83e9521c6

SHA512
ad19b3c915ff8b2748ab87a0308838a28c2c8edc1af2c388ca979e1df1e95ca0b7a81c49d1096fcaac94ac4666cc46977032358401385032918531baf5fbfaf7

Download Submit
memory/3380-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3380-796-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads