bdbf1149aa09ab43b4493732639da311ddee2fc85971709b1228e62a28d3d672

Analysis

max time kernel
150s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09-06-2024 01:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
Size

71KB
MD5

099dee1ce1987d98ecbb8fff801947d0
SHA1

5e60630413ed61443f79272104ae144a3bff3b22
SHA256

bdbf1149aa09ab43b4493732639da311ddee2fc85971709b1228e62a28d3d672
SHA512

ed6a075bf1256abb309954c12c26616c3449329f3c2c4ea78eb329523be473e21a7efa4ccf70c5a8e335913d7b8b5abd7db740c63691401062fb5a522c783246
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8q2U:fnyiQSoT2U

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5188) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4796-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0009000000023297-2.dat	upx
behavioral2/files/0x000800000002296e-6.dat	upx
behavioral2/memory/4796-1910-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-pl.xrm-ms.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Primitives.dll.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.resources.dll.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_it.properties.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ppd.xrm-ms.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ul-oob.xrm-ms.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\proof.es-es.msi.16.es-es.boot.tree.dat.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WINWORD.VisualElementsManifest.xml.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clretwrc.dll.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Xaml.resources.dll.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\bn.pak.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\sRGB.pf.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-pl.xrm-ms.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\FA000000008.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\proof.fr-fr.msi.16.fr-fr.tree.dat.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\excel.x-none.msi.16.x-none.tree.dat.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Debug.dll.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.resources.dll.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\CIEXYZ.pf.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.bfc.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\msotelemetryintl.dll.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN097.XML.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WebView2Loader.dll.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.dll.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\icu.md.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\dt_shmem.dll.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-pl.xrm-ms.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ul-oob.xrm-ms.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Design.dll.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Orange.xml.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RInt.16.msi.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-oob.xrm-ms.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl.dll.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.dll.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Input.Manipulations.dll.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense2019_eula.txt.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationUI.resources.dll.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-pl.xrm-ms.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PPINTL.DLL.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSBARCODE.DLL.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\fr-FR\ieinstal.exe.mui.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\icu_web.md.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\hprof.dll.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-pl.xrm-ms.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Handles.dll.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Cng.dll.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightRegular.ttf.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-pl.xrm-ms.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-phn.xrm-ms.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClient.resources.dll.tmp	099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\099dee1ce1987d98ecbb8fff801947d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

Filesize
71KB

MD5
5c66963de733514aaac8e6c8e8e9bce3

SHA1
e53ac732978b79e4c833c043c8629ab4ad263512

SHA256
6e858cf618db77767f4a41dfc2f819ed90f0dd8c0be375566c43b1f9df2834d9

SHA512
d6ea0fc4ef133e8531cf8c165e3195aec3dde7e6b922174ae87926071704b2f18e8b0f9073dc3e2c2869e4ebdb357701c272e96767bb1f1c0ed48293d08a75a9

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
170KB

MD5
0e794d134e57fa5ad678eef54995b80c

SHA1
f26e4d831ad973f4bdab2aab2d2757937c453ab5

SHA256
137394a8de5915290ea171ef196abd653b7ff7acfedc0fb150bb8fb3ccc6d223

SHA512
2b5c622f46039c66af82a4fe4c091d78adbeb4b57f80288a15af2a1299ed6183854a038d167c2fb5554bb178876c5bea92b384691b6e291bf6fc001e2e64062b

Download Submit
memory/4796-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4796-1910-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads