a10a47ee70804e2668210d93d33ddc345f089139a871c122536de976227ed595

Analysis

max time kernel
33s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 09:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
Size

257KB
MD5

4eb0f755f3786042149297232fc72510
SHA1

2bd6ef8cee238107a14e22008488cfbd5487c9db
SHA256

a10a47ee70804e2668210d93d33ddc345f089139a871c122536de976227ed595
SHA512

ea3ef5cb781b733a37c279ff7f9d779976ad08425793c6a2a4c63bbeecf98cc6f6f9b2ecf3610d80c2170c9ffb62c61425bf5ecc9c1588b17a9dde08a9b297be
SSDEEP

3072:fnymCAIuZAIuYSMjoqtMHfhflixiMfAIuZAIuYSMjoqtMHfhflixiz:KmCAIuZAIuDMVtM/mfAIuZAIuDMVtM/J

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (775) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1300-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0008000000023450-6.dat	upx
behavioral2/files/0x0008000000023297-2.dat	upx
behavioral2/memory/1300-1560-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Xml.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Formatters.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Specialized.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrjit.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ValueTuple.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\CheckpointCompress.vsw.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.DispatchProxy.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TextWriterTraceListener.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Mail.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Encoding.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\micaut.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-convert-l1-1-0.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Csp.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Xml.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Metadata.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Algorithms.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Brotli.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

Filesize
257KB

MD5
be894544ae075df964d5f89e8388219f

SHA1
4bc0ff22fe4de031272c4243399b6609ce1d6b25

SHA256
f56a1e93cebacd7d861601871137a864331725e233a17734922272dd6263d630

SHA512
56c9bd0bc306b334e65b9fc2d4ec1493305a5019b9341c7c129f2dada9a9a420c1561c81fd0447cef84b5f42bdd5bff56a64d326042ed484440688d3c384f21e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
356KB

MD5
6baf870a4be590458aed8e1a6376e4b5

SHA1
83d3f7df85decdfd4ea4078f4358ddb8c9ce6629

SHA256
3329dce91d0eb6ec5b85439b9d518a6903edf3df39d9245708e23086bd57f0e4

SHA512
5da2678ae76a642deb1b495f01a8cc15a1c9bb7b2c124faddc51b8baca27ea0c38f54f0e77b28077fd8742996d016242075d82edc0239b77fb6697649de2f12b

Download Submit
memory/1300-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1300-1560-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads