17fd2adb429decdc674b110f862e44bee149cb85c721b4f8c57e822958932a1f

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2024, 16:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
Size

179KB
MD5

1268c3acb8bf6926432c114361fd0a20
SHA1

62a43ece578901d1957802bfe15341378ce8a0c5
SHA256

17fd2adb429decdc674b110f862e44bee149cb85c721b4f8c57e822958932a1f
SHA512

65e49484e908e8f753af253b038645603e00829ad39c40002c8624205e481f12d9d63e39d8d7a0b8fa23bba6b8c66b1bd89763d13220e09ccd1df1091b273a17
SSDEEP

3072:fnyiQSo1EZGtKgZGtK/PgtU1wAIuZAIuz:KiQSo1EZGtKgZGtK/CAIuZAIuz

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4832) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/216-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000a000000023400-2.dat	upx
behavioral2/files/0x0009000000022979-6.dat	upx
behavioral2/memory/216-1722-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-phn.xrm-ms.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-oob.xrm-ms.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfr.dll.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\colorimaging.md.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\calendars.properties.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\CIEXYZ.pf.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7es.dll.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-pl.xrm-ms.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLINTL32.DLL.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PG_INDEX.XML.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.dll.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.dll.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.dll.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xalan.md.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfxswt.jar.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\LyncVDI_Eula.txt.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Requests.dll.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationProvider.resources.dll.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.Query.NetFX35.dll.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-80.png.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Serialization.dll.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XDocument.dll.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClient.resources.dll.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.dll.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ppd.xrm-ms.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ppd.xrm-ms.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.dll.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Input.Manipulations.resources.dll.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Xaml.resources.dll.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\glass.dll.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.runtimeconfig.json.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.dll.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-pl.xrm-ms.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ul-oob.xrm-ms.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IEAWSDC.DLL.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-string-l1-1-0.dll.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Facet.thmx.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ppd.xrm-ms.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-phn.xrm-ms.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ppd.xrm-ms.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Grace-ul-oob.xrm-ms.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL.HXS.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jpeg.dll.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ul-oob.xrm-ms.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jopt-simple.md.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.es-es.xml.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\createdump.exe.tmp	1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1268c3acb8bf6926432c114361fd0a20_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
179KB

MD5
091e643ce460501846bfd9481457e9c2

SHA1
874bcda6cbb420ef96a64a011964b871866f2418

SHA256
329452b473d3e37d27808c99a86be3fa3e2e8968990adebacb84b6976cffd3bc

SHA512
f167efd9938a1a4ff3629f657fde152f17de7cc96fe0f05a20f8a1fb85618d3a6b36076542a82c77274bb71edcf274f4ae755e2fbd8ec2465cf893679d71fa12

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
278KB

MD5
38e3b0dd7accdc20f0ea15c64f828f6c

SHA1
83429d977e46a33b34cd673a700034342fba2d7d

SHA256
6508db250fadb423cd110476d22ed1bff8fbfe86d73f8abf3f1284fe43bf8574

SHA512
09e87400a286e1c0eab95e281a17ce8c9f8ffac6b13dac51d6589b1a6eddb68f3fd87de406245878dd2d80aea1da5a41610aae2abbe50727809679174243c331

Download Submit
memory/216-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/216-1722-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads