fe3eb123ec0f3740fcbcf3ded80544f6466f1dc7bef7f2840228dd405c09b244

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2024 04:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
Size

134KB
MD5

3aaf83f4b55ee79af6faaa0e487d29d0
SHA1

9a31863e9b546cb94dfac12e241900bde74240e7
SHA256

fe3eb123ec0f3740fcbcf3ded80544f6466f1dc7bef7f2840228dd405c09b244
SHA512

9a25ca994a7bc07d3115f85a8ac743285a134c16583426393989ba04be0427d87fc1bf13926f0f5bad8d1fe7e18fd3aeb5bec939bbff93334aee3d45073ea665
SSDEEP

1536:V7Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCY:fnymCAIuZAIuYSMjoqtMHfhfagJ

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4878) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2228-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000a0000000233de-2.dat	upx
behavioral2/files/0x0007000000022959-6.dat	upx
behavioral2/memory/2228-1790-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\netstandard.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Debug.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Design.resources.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipRes.dll.mui.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-phn.xrm-ms.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-oob.xrm-ms.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Xaml.resources.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\javaws.jar.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-pl.xrm-ms.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\coreclr.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationUI.resources.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-pl.xrm-ms.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.XML.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Threading.AccessControl.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\splashscreen.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul.xrm-ms.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.Wizard.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Primitives.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_2.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\cursors.properties.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\DATATRANSFORMERWRAPPER.DLL.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\CIEXYZ.pf.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\mesa3d.md.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ul-oob.xrm-ms.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.MashupEngine.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationTypes.resources.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\hmmapi.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN075.XML.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.Win32.SystemEvents.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\logging.properties.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemData.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.dcfmui.msi.16.en-us.xml.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL104.XML.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-pl.xrm-ms.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-oob.xrm-ms.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Encoding.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Design.resources.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jcup.md.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcr120.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ppd.xrm-ms.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ppd.xrm-ms.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clrjit.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tools.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\tr.pak.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javafx_font.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ul-oob.xrm-ms.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+Connect to New Data Source.odc.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.DLL.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Office.dll.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINCORE.DLL.tmp	3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3aaf83f4b55ee79af6faaa0e487d29d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

Filesize
135KB

MD5
e2f6a6e2e0291174e74b58a65712f4bb

SHA1
293f55a6ac03bb52ff46d6dd197ccc93b5b0d9b2

SHA256
19a61640235eadb266697da73d1b7c9d1f6e263b73b7faa540c2565d83e34f85

SHA512
9a8f3fcd06587799032cd8acb3071e45d9d3d187f10047d4777a1cd3f50f5014347f30606164bc1df5b029a84b23cbbc90c8e75ad35a53143e8713e23415284f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
234KB

MD5
3c5f5465b10086127b2e9ffca6b6c74e

SHA1
ffd39ed4f7c13644c704e052b676601a11583ca6

SHA256
fbcc9e7e3f06c2d96164365c32447e2d7b49a294caf193749cc537378cfd03fe

SHA512
11f51203855bd1e3390d77e2ddf6c109077ce7d0be0143ef1d91498b66abea07c44473b1467b4d0bcdf10de2bee636b70971fe6cf83e4b412537e6cc7dc7dbe6

Download Submit
memory/2228-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2228-1790-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads