df4c03eeb4f5f7b5ecab7fbc288575a51f8a5d1b10f9952d728bc036674ff188

Analysis

max time kernel
138s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06-06-2024 09:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
Size

258KB
MD5

033dae941982d93aaa04dbcc1c7da1b0
SHA1

0958b5c937bb687c99aaa0b71df11ca1956663b2
SHA256

df4c03eeb4f5f7b5ecab7fbc288575a51f8a5d1b10f9952d728bc036674ff188
SHA512

debf2bc6c1b40592256afcfcf026d07666621d4f42d79760341cf4f25aaf8f4a3e5512c794d33445e60ad16cf28093a514cd9171f3516cb315cdae172ea6ceba
SSDEEP

3072:fnymCAIuZAIuYSMjoqtMHfhflixiBfAIuZAIuYSMjoqtMHfhflixip:KmCAIuZAIuDMVtM/rfAIuZAIuDMVtM/j

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4270) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2280-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0008000000022f51-2.dat	upx
behavioral2/files/0x0009000000022979-6.dat	upx
behavioral2/memory/2280-1588-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ca.pak.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-pl.xrm-ms.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul-oob.xrm-ms.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ppd.xrm-ms.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-pl.xrm-ms.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.HttpUtility.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationUI.resources.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\[email protected]	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatching.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Primitives.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Channels.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemDrawing.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_TW.properties.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsFormsIntegration.resources.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\gstreamer-lite.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ul-oob.xrm-ms.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ppd.xrm-ms.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClientSideProviders.resources.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaSansDemiBold.ttf.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\java.security.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ul-oob.xrm-ms.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-pl.xrm-ms.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-synch-l1-2-0.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.OpenSsl.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-pl.xrm-ms.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymk.ttf.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationUI.resources.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemCore.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationCore.resources.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-pl.xrm-ms.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_F_COL.HXK.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-pl.xrm-ms.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\WindowsBase.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.ReaderWriter.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ul-oob.xrm-ms.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-pl.xrm-ms.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-oob.xrm-ms.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.AppContext.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Organic.thmx.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-phn.xrm-ms.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime2019_eula.txt.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Specialized.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul.xrm-ms.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-oob.xrm-ms.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\client_eula.txt.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdb.exe.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-ms.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-pl.xrm-ms.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ppd.xrm-ms.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\LyncBasic_Eula.txt.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1036\MSO.ACL.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
259KB

MD5
0dfd5368a358c5dc7bb67b84b9e6686a

SHA1
cde14ef505485ccbf0f658994294721a4b85ef32

SHA256
5106cce25b1eaf0bd788e965fdf5e729060b2fa717d523728f39e7a1bec2ed97

SHA512
295cdc3ae62d3f26afa700635cd1eb69d95bd5d9069240a252b9851fdd16a10a74c28705e5277ff891e14ab7bac30a788eaa253b77dc7446d9d46e9ae0ab45c8

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
357KB

MD5
b7a73c4dc05a435a10c230d7a517910b

SHA1
a6d9b74dd09af7169d3439fc35907b801f11fbae

SHA256
614741ebb26d64a54cb5373f256e8a4a848fe2cf1cb811741e2e458fc6708a94

SHA512
104946ff9a6c95afb5018c71d7d48f5e416f8f6a43f53dd8fca00167e82f9ec1daa6f29fe1228c06d19b20df9ce71ab4740888375bb1dd9c36a130a525178077

Download Submit
memory/2280-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2280-1588-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads