afb198d78e6d177b39ff71f2c996644cfecaf8d4669a2dffd6999e2c22cc0052

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/06/2024, 06:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
Size

76KB
MD5

12b6c5900bdc0a00739f69bf0a41f1d0
SHA1

796c62621c30c88298e81f9f3770d01676b01676
SHA256

afb198d78e6d177b39ff71f2c996644cfecaf8d4669a2dffd6999e2c22cc0052
SHA512

e5cec54f7efc0c846e8cb80ae590dd15e4b6f3a14183da83a888b666ef931fbc3a3e9fde500e73c9bbbff97d99e9313196432ac110d9a8e360822073abf937ce
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8sWh:+nyiQSo3Wh

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4835) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4420-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000700000002328e-2.dat	upx
behavioral2/files/0x00080000000233fe-6.dat	upx
behavioral2/memory/4420-1766-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClientSideProviders.resources.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Primitives.resources.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\snmp.acl.template.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xml.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.resources.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-oob.xrm-ms.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKExcel.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-80.png.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ppd.xrm-ms.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Input.Manipulations.resources.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\webkit.md.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\t2k.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\otkloadr_x64.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTEIMP.DLL.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\deployJava1.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-ms.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ppd.xrm-ms.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-pl.xrm-ms.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.AppContext.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.NameResolution.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsBase.resources.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ppd.xrm-ms.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ul-oob.xrm-ms.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Memory.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Corbel.xml.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-pl.xrm-ms.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\openssl64.dlla.manifest.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ppd.xrm-ms.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ppd.xrm-ms.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-140.png.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.VisualBasic.Core.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.Primitives.resources.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-ppd.xrm-ms.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ul-phn.xrm-ms.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-ul-oob.xrm-ms.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-oob.xrm-ms.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-oob.xrm-ms.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_terms_dict.txt.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\netstandard.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\management.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-locale-l1-1-0.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationNative_cor3.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Input.Manipulations.resources.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-pl.xrm-ms.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ppd.xrm-ms.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ppd.xrm-ms.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-140.png.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
76KB

MD5
70c39acd4ba481878d8a1bdae8e378a6

SHA1
9512015a7d3ffb8368922dc94b14e5e4adabf4a4

SHA256
c3f2288cd0937acea70036f2de205676d503069ea0b3fe2fc70fd787ea187599

SHA512
cbced1fc895311817f27b7620696a401d80992e40de4cf7fa697f96a7c114f03c3dd2ae900c70d0c17e4ab6e695906d0c0121cd1cc4186122bb698ef1fcfdce1

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
175KB

MD5
dceba7b1ba7cc43d29d9d2e9a02a5c7c

SHA1
4d7be33ac132c8ae0a8f1c654630cf992a77d3d8

SHA256
86774cc59930d454200bd3529e0b6c4566af4574e795bab3e9980f46cc6dc994

SHA512
8ebd594fedf4410ca0d024c8588b65dd5fe79bc21fe842b84ffd234db3a31d467edcdd5475b5fbc30be4c53d2b9aa84f9fe645843dcda364125114fa483e6a85

Download Submit
memory/4420-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4420-1766-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads