e0f43e6cc4999918588b786764f81e3125cfc1440e3bdf2fbe4e1bab209d99ab

Analysis

max time kernel
150s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
Size

113KB
MD5

0aba2c002be94be85a7c18d9ca136a80
SHA1

1b25915db584f0361edb2bbd25e99b7f0a29add1
SHA256

e0f43e6cc4999918588b786764f81e3125cfc1440e3bdf2fbe4e1bab209d99ab
SHA512

0454e0ae369f2f70b2ac8674e383437594fd9fe9fc3e2faa2fbfe9ac4548da8e5191d462a87c5c279e8c0be34b881231701708287ef5f39cb090d3ad915f1110
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfagE:hfAIuZAIuYSMjoqtMHfhfagE

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4847) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3668-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x000500000002328f-2.dat	upx
behavioral2/files/0x0008000000022970-6.dat	upx
behavioral2/memory/3668-1074-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\lib\flavormap.properties.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ul-oob.xrm-ms.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.TransformDataByExample.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemDrawing.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\public_suffix.md.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\dt.jar.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationUI.resources.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ul-oob.xrm-ms.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-oob.xrm-ms.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Extensions.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.EventBasedAsync.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ppd.xrm-ms.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL078.XML.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Native.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-oob.xrm-ms.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-oob.xrm-ms.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-PipelineConfig.xml.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.IsolatedStorage.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dynalink.md.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.resources.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange Red.xml.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ppd.xrm-ms.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.PowerBI.AdomdClient.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-100.png.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL065.XML.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-root-bridge-test.xrm-ms.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.TypeExtensions.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationCore.resources.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-stdio-l1-1-0.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.EventLog.Messages.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.DirectoryServices.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\unicode.md.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_common.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-pl.xrm-ms.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-environment-l1-1-0.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f4\FA000000005.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ppd.xrm-ms.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-oob.xrm-ms.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IGX.DLL.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ul-oob.xrm-ms.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.config.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Requests.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClientSideProviders.resources.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\DirectWriteForwarder.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationTypes.resources.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\InputPersonalization.exe.mui.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.SecureString.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.resources.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-string-l1-1-0.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.SapBwProvider.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.RegularExpressions.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encodings.Web.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
113KB

MD5
3723f73dcffecd745b8d0dd0cae5af78

SHA1
e2a3fe409fc803130c8129008ca2acb9cf1747d2

SHA256
688558d25c5d5e4f33417dddb3920ac1e8e6134004390d7007f811b811521e6d

SHA512
754c5f8cbe29e09ac80c8776c0116e0bd2a91edafabc822391a515c87e6218dbb084ca4cb8dedabc2a8c406aca0d8e4e1cc1e0ebef2f80aebeb1739c8b0dad3e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
212KB

MD5
c6cf592d0a7a606574f14ae7cf786c4b

SHA1
930f58b356a713a52a0a6d50a5c44c4ad4dad8c2

SHA256
aad9d75dbdfba4ef944f763db19e3776da14eaf37921c898e270ae87797d9ee2

SHA512
c1f16c419d973a909080dfe2f0f8a49ff05b511ed75a16d29ee6ecdc16eacfd4f730c2828a878f244c9a2fb69f1eaa28b91a55536746df244e7bfc6afdd43015

Download Submit
memory/3668-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3668-1074-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads