5c601f69c72912bdfd4ed2515a110dbe1ce56c2559643f5d43bfa975f7f0b9e2

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2024, 18:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
Size

229KB
MD5

3f0961f350dd8cd2a5e29ab5c2031060
SHA1

a744cdfbbd1d0b3c8cea90c6cfa494e65dc85a47
SHA256

5c601f69c72912bdfd4ed2515a110dbe1ce56c2559643f5d43bfa975f7f0b9e2
SHA512

c630c88e3ecac346ac4ad1f386289c1e0ce88bea28b9e8e3fa7d440b7ac2f0da5a31b7ccc1573ba9ccaf6580314ef508c5684964a72d1d086db88cbd6d1b0911
SSDEEP

3072:+nyiQSo1EZGtKgZGtK/PgtU1wAIuZAIuYch93g+gfFpsJOfFpsJrB:JiQSo1EZGtKgZGtK/CAIuZAIuH3vB

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4640) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2240-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0007000000023305-2.dat	upx
behavioral2/files/0x00080000000229db-6.dat	upx
behavioral2/memory/2240-1584-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\lib\ir.idl.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-phn.xrm-ms.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\FA000000008.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Luna.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\WindowsFormsIntegration.resources.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\flavormap.properties.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClient.resources.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\icudtl.dat.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-180.png.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceModel.Web.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jmc.txt.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-phn.xrm-ms.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\ZeroByteFile.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClientSideProviders.resources.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.DirectoryServices.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-oob.xrm-ms.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ppd.xrm-ms.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-oob.xrm-ms.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul.xrm-ms.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationFramework.resources.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-pl.xrm-ms.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-private-l1-1-0.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ul-oob.xrm-ms.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-100.png.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ppd.xrm-ms.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ppd.xrm-ms.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-100.png.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Xml.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Windows.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Primitives.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClient.resources.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Grace-ppd.xrm-ms.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-phn.xrm-ms.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ppd.xrm-ms.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.VisualBasic.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-pl.xrm-ms.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TextWriterTraceListener.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClient.resources.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\libpng.md.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-140.png.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.Interfaces.DLL.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Xaml.resources.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\COPYRIGHT.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\joni.md.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\verify.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ul-phn.xrm-ms.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.dll.tmp	3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3f0961f350dd8cd2a5e29ab5c2031060_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

Filesize
229KB

MD5
c701a3dfe993be3e6980bf11e23b884e

SHA1
cf032e036d97bdd1e81c143e6c140de2bc7a8b30

SHA256
215d98f9472d3eec8f75e6303a83e958176cf7660d91fad08e3e5de39d3e74cc

SHA512
384acea3a43525aaa6f0f98e02d471ad0649d344562ddd26b910cafb448acc0b1124a8f8cd7a6198eabd93ea3dfa1b4e6ceefea7d1ae8c09e375c4c6c1e48fbc

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
328KB

MD5
98d444f7a59f0e2377038d665c7f1cd1

SHA1
2697ccace3d6005a8b5e54c964871ff22c638bda

SHA256
b336e1be18badf73af8e8e97e27f64ffcf6fe63f3d06fd799e5f4e719bc7ca57

SHA512
62c20eda34c3b3ec8ec73c4237e39afe3561879712098399705dd142f63fb3194389d43c9d9fbd46c8b311469daca11a3f3f4fc1738c80185db66df19642a98b

Download Submit
memory/2240-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2240-1584-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads