3bd66770116bfdd8f79fcee3314d4adc0a60bfe1dd4f0ec6a2f2660811fc773f

Analysis

max time kernel
150s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2024, 01:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
Size

45KB
MD5

7dfedbe56a6677a4c7c5aad7e2923fb0
SHA1

d5cc0b3b5831ce4fe0607d7049925c816c5c9d1f
SHA256

3bd66770116bfdd8f79fcee3314d4adc0a60bfe1dd4f0ec6a2f2660811fc773f
SHA512

f4b59c9c2def4b4c544bd81a6611fa2444955238856e3a5720d5343185a4a687411d55406595e8e2baf90c85d3d486c0ebe5a013a6dbb13ec36f82b1ea913995
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFQz:CTWn1++PJHJXA/OsIZfzc3/Q8Q8/8f

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5290) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0006000000023270-2.dat	upx
behavioral2/files/0x001d00000002292b-6.dat	upx
behavioral2/memory/968-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/968-1156-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.ThreadPool.dll.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\glib.md.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-oob.xrm-ms.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-string-l1-1-0.dll.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul.xrm-ms.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\hive.xsl.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MSJHBD.TTC.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.dll.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART4.BDR.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.IsolatedStorage.dll.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationFramework.resources.dll.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Extensions.dll.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ul-oob.xrm-ms.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.AeroLite.dll.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\bn.pak.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.dll.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsFormsIntegration.resources.dll.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaw.exe.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfxswt.jar.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_sw.dll.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.AdHoc.Shell.Bootstrapper.xap.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Unlock.White.png.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-oob.xrm-ms.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-pl.xrm-ms.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7FR.DLL.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\US_export_policy.jar.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ul-phn.xrm-ms.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linessimple.dotx.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ul-oob.xrm-ms.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\comments.win32.tpn.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\CalibriLI.ttf.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\TEMPSITC.TTF.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ul-oob.xrm-ms.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Dataflow.dll.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.dll.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsBase.resources.dll.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jsse.jar.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-80.png.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS0009.dll.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.AppContext.dll.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ppd.xrm-ms.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteFreeR_Bypass-ul-oob.xrm-ms.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-pl.xrm-ms.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-100.png.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.tmp	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7dfedbe56a6677a4c7c5aad7e2923fb0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
45KB

MD5
4560e1db6ba0a24ae71e35c15335a586

SHA1
d42dc2a8860c35d13a05a0a004c5ea9e70e68e70

SHA256
a167d01ce01b8d5d00360193a30662dff3e375832791138e7f491b88f07eb919

SHA512
91bdaf1a7d31ae22902a41e538b0b1f088ac2819f971b24f76c54b30728c101cbbf05720f6b86fc00a8834e4414d4a4cde408aa003624049fed31388746daf6c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
144KB

MD5
01def91671846ef0213eae4d3aa70d9b

SHA1
7a680e60373b916bf13e5c1069b46f558a053fa3

SHA256
2f3a8ea61b6ab81fabd84fb92084a087abd31a63312fa3ee5851d8985c20559e

SHA512
f5fd9e07c6dd14c0d3bbcc27551c1e1fcce25c5584102ccab9b40b4028805d17b0b04d7a5e59ac1af18b4bb72ccd2b9014e3a91fb8cc61541382cc8ce9ce26a6

Download Submit
memory/968-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/968-1156-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads