1542b5ba305e99f049ede500ca8304bcb048f30b71f6114d11e76ab5183a3139

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
07/06/2024, 15:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
Size

1.3MB
MD5

679c5fc9c3fa070269d8158e49fede90
SHA1

2363c589009d601cb42f53265b389b9b89459785
SHA256

1542b5ba305e99f049ede500ca8304bcb048f30b71f6114d11e76ab5183a3139
SHA512

df1471cafe9c77af7e06cb19382f0c79fe07e80ede6310f47143ccf6e05995aa11ba8961f582fec9021158f2b858af6ad5293b6072c923965cfeb804c75ccdfb
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxS:fnyiQSov

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (1991) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1924-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0006000000023276-2.dat	upx
behavioral2/files/0x0009000000022975-6.dat	upx
behavioral2/memory/1924-760-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.ILGeneration.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Accessibility.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXml.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\ReachFramework.resources.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Debug.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.CompilerServices.Unsafe.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Formatters.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationCore.resources.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationUI.resources.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationProvider.resources.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-localization-l1-2-0.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.NetworkInformation.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsFormsIntegration.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Xaml.resources.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.OpenSsl.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Primitives.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsBase.resources.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationFramework.resources.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaws.exe.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.Linq.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-interlocked-l1-1-0.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-convert-l1-1-0.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Requests.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Primitives.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\ReachFramework.resources.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsFormsIntegration.resources.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Formats.Asn1.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.Core.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Memory.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationFramework.resources.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.Win32.Registry.AccessControl.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Controls.Ribbon.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.TypeExtensions.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.resources.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-runtime-l1-1-0.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Process.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.Extensions.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoDev.png.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-1-0.dll.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui.tmp	679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\679c5fc9c3fa070269d8158e49fede90_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
1.3MB

MD5
6411ddd67b531f042a8c485a3413aa3c

SHA1
0ca4f22068def8b5ad5085ed977f0da2848ae1fc

SHA256
d80722f292f13f98e4b075a64b398446ec0404c1dde81b7b6e21653b5dfafad2

SHA512
fdd7041d207d1f0133dc83a05d1ec7dfc8408038565462ed01ea864f017af571d727d77b2afb0c75e7e19c774425a31580d545f532a81645f6c81cbb39e9372f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
1.4MB

MD5
4e06757d1821134fa91f765f436b7a32

SHA1
033a7f3ff81af037a0aa9098adfa24ae9b42590e

SHA256
e069eb31cf4e65deffa7f2c8884c503e32ec544f2124cd0e4c97efaa1e1e09a1

SHA512
9f1a93e87ecb067dab9d5961a888021456708181a7ade701d9d48709cf316676baa643e6f7c65c71a4c2857dfb3b5c6fc1022ad9c60cc35f9c7f36e7eaff60b4

Download Submit
memory/1924-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1924-760-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads