1542b5ba305e99f049ede500ca8304bcb048f30b71f6114d11e76ab5183a3139

Analysis

max time kernel
52s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
07/06/2024, 15:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
Size

1.3MB
MD5

679c5fc9c3fa070269d8158e49fede90
SHA1

2363c589009d601cb42f53265b389b9b89459785
SHA256

1542b5ba305e99f049ede500ca8304bcb048f30b71f6114d11e76ab5183a3139
SHA512

df1471cafe9c77af7e06cb19382f0c79fe07e80ede6310f47143ccf6e05995aa11ba8961f582fec9021158f2b858af6ad5293b6072c923965cfeb804c75ccdfb
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxS:fnyiQSov

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (198) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1752-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0009000000016a29-2.dat	upx
behavioral1/files/0x001c000000010439-6.dat	upx
behavioral1/memory/1752-160-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\7zG.exe.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\ApproveClose.wma.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
1.3MB

MD5
2dd8c72c926c7c3fab2eaeafe3468017

SHA1
c4fc3ff67137e8fea078b57c8d6299ae66a4f4ef

SHA256
de9adca6ae494a8967e7e5ea80434fb286418a40932938983bfd6a51ffaf0a0a

SHA512
bc019f75d7fc2abd58b42127dfba6dc3adb75eb9d23c64b5a9f455aa2e9c9761311bf56a388236aa03deab4db51fe6cf5544847373053eefb1ff75d72e43c067

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
1.3MB

MD5
3216fea676ea41994ab84b2dbe9ec686

SHA1
6377889a4a162543bf68ea96f041d86739606d40

SHA256
667dd9f027e0fee9f34900620af0ca30ec470bdd64421d43bd37fc883f7b1532

SHA512
896443e68467684a269821a2904dbf7138d104e37c3420fc0f91aa55c90c4145438c7df4d5db745905f7e6d38d9e1a4dbbde79a44faed386643de96d17db151c

Download Submit
memory/1752-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1752-160-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads