aa7047f964f4155ef20bc3a58269b1143585a6255959efe0b04f710630d64daa

Analysis

max time kernel
155s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-06-2024 05:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
Size

192KB
MD5

42388c684c58c86ca35c275fdc110450
SHA1

437dd423f297937c5f4dd64b22a06f8a02bf345a
SHA256

aa7047f964f4155ef20bc3a58269b1143585a6255959efe0b04f710630d64daa
SHA512

59b5df797d909817920e45819db619f537d283cb93ea1d4cb0f28e983d1e9633b9aec358b62a13783a5166efcea8cad4f324dd430bb7c4458dd863d18ae304ea
SSDEEP

3072:fnyiQSo1EZGtKgZGtK/PgtU1wAIuZAIu+r3:KiQSo1EZGtKgZGtK/CAIuZAIuC

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (565) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/772-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000800000002324a-2.dat	upx
behavioral2/files/0x000400000001d8b2-6.dat	upx
behavioral2/memory/772-280-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\descript.ion.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Compression.FileSystem.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.X509Certificates.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\createdump.exe.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\desktop.ini.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-math-l1-1-0.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\mscordaccore_amd64_amd64_6.0.2523.51912.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Extensions.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Timer.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\Microsoft.VisualBasic.Core.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\dotnet.exe.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ObjectModel.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Configuration.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-synch-l1-2-0.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.DiagnosticSource.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-file-l1-1-0.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebHeaderCollection.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Principal.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.Serialization.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Console.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Console.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\netstandard.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.Debug.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Private.CoreLib.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\coreclr.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.OpenSsl.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ServiceProcess.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.TypeExtensions.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Principal.Windows.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp	42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\42388c684c58c86ca35c275fdc110450_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4068 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
1⤵
PID:1308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
193KB

MD5
f74acf3b729595154236667856c4cd1d

SHA1
61857211c357554dec6ac204e5f11e660671cd9f

SHA256
4edc381012724053c7f33a3c30e314949a30ee1d6f84262092805bf75d6a93af

SHA512
319d0517b170ecb6b0b387e1d12c62f602e58d9d5fa613de0c58c37a182846a993d3a4efd65ee6dab78ab687e01418a83445f70256c1fd65572996f7b7865095

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
192KB

MD5
68ea3bde76db45966bf28aa580e2dbf8

SHA1
91fd4238fba239bcdc1e8b1a64c663323e55c5a6

SHA256
a388cbb6f9872ce94c7d80eb55405fb5a0bc9769aaac0885c06af2ab577ea58a

SHA512
65587bf89ee15a1d90f232d0e35eb304ffc04e167ebcc8e33248f02bcfa6af369b0e7b9e6d55f2e183db582ea7aa18282771eab7e79ea2f81e949b5f7be9e777

Download Submit
memory/772-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/772-280-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads