9a2deb36df20e806c070d529f4a0c74610235fcb763b4d80003ec2241b59e81f

Analysis

max time kernel
151s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2024 11:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
Size

60KB
MD5

7d64c9c7d46556d777db3251ccfcdb40
SHA1

534f37e88132579ebb6e8d602fee00776c884663
SHA256

9a2deb36df20e806c070d529f4a0c74610235fcb763b4d80003ec2241b59e81f
SHA512

a814e05d28af7a95759dd591fd9869d9aad8b467f4493138f78015ee5eb2fc1b98cb80d13d9b2495c021f00bdf2edcf6d4db730c07a2285d766191bfb9b072cd
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8yi+y5gfcL5y5gfcLg:KQSoEqeaqeg

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (1751) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/628-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x0008000000023268-2.dat	upx
behavioral2/files/0x000400000001d8b2-6.dat	upx
behavioral2/memory/628-302-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.DiagnosticSource.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.IO.Packaging.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-math-l1-1-0.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-process-l1-1-0.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.WebHeaderCollection.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\WindowsAccessBridge-64.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\dotnet.exe.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Compression.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Tasks.Parallel.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Linq.Parallel.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\WindowsBase.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jps.exe.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.Process.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.HttpListener.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\UIAutomationClientSideProviders.resources.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\host\fxr\6.0.25\hostfxr.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.X509Certificates.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\UIAutomationClient.resources.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\ReachFramework.resources.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\WindowsBase.resources.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\WindowsBase.resources.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Serialization.Primitives.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\UIAutomationProvider.resources.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Serialization.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.Emit.ILGeneration.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework-SystemData.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\UIAutomationProvider.resources.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework-SystemCore.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\UIAutomationClient.resources.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Windows.Input.Manipulations.resources.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-conio-l1-1-0.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\PresentationFramework.resources.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Design.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4444 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:3516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
60KB

MD5
e32ec54f6e1fd66e0b3ef2f1ab72ff6c

SHA1
c7b62fa18940b24f3a719e29694d33caeff67417

SHA256
07bc28590978204776ad0592a4ba04f619bd55d15f0ffc0acc0ddee52f6b941b

SHA512
62961ae8567cbbfd05521733525fcdb808aad1edb6000d8f38dc5a0559fcb02471b9b5cfa226c36d80524739f6d00f1865e55ad2f63e531b6718f44c868ea399

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
60KB

MD5
018721ac0386358a36d8ae648613340d

SHA1
6c952a14e2e333027046e61249a2c646613b6ba5

SHA256
c83846cda38115b69d46528a950f1f59a976cc03df4c8aa86a7bc70a7bdfec0f

SHA512
eb9fc0acb639eab5f5f663095b10b4d5127122fbfa3ff66d908c61d4b13ec8a4cf205a1b35c320d6b060706591d4b3630629841b45fe11db811323be70ec42b9

Download Submit
memory/628-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/628-302-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads