eaa91384156941503c10ee08d042bca9f04ae3510ef4d862d1bd4dd69302a858

Analysis

max time kernel
149s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/06/2024, 08:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
Size

45KB
MD5

1799167498423b6791147cfb3ebee460
SHA1

946002b9c7d300cd020b88a342bfc2efb1c37ca8
SHA256

eaa91384156941503c10ee08d042bca9f04ae3510ef4d862d1bd4dd69302a858
SHA512

e394ad401ffb13b52c487623f5eaa68256698f76bc0adcf69eb70741dc4fad9debbb2e585a87f4302273ab923e4e3be3c0254b955fd1b92ebbfddb01351b43a3
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFa:CTWn1++PJHJXA/OsIZfzc3/Q8a

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5188) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000700000002328e-2.dat	upx
behavioral2/files/0x0008000000022970-6.dat	upx
behavioral2/memory/2824-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/2824-1208-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\ThirdPartyNotices.txt.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Windows.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsBase.resources.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\local_policy.jar.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11wrapper.md.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected]	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\resource.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul.xrm-ms.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\zlib.md.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-pl.xrm-ms.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-140.png.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL119.XML.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GARABD.TTF.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Parallel.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Annotations.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.resources.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.Messages.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Cambria.xml.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-phn.xrm-ms.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-pl.xrm-ms.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul.xrm-ms.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ul-oob.xrm-ms.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ppd.xrm-ms.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-140.png.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationUI.resources.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebClient.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\msquic.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.resources.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.resources.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.Extensions.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-oob.xrm-ms.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\.version.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Security.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClient.resources.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSZIP.DIC.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationFramework.resources.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\jni.h.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Immutable.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ul-oob.xrm-ms.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Dataflow.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunmscapi.jar.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\JavaAccessBridge-64.dll.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ppd.xrm-ms.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ORGCHART.CHM.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat.tmp	1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1799167498423b6791147cfb3ebee460_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
45KB

MD5
81d7ce3af6aa8ebb51bbf20ff1a281c0

SHA1
df76d65c9b471bcb4f1756cfe4d48516796a3084

SHA256
ebd0468d9fdc82c04b734c7510b3bda2e93a5bdcb56886b2f8fb73472f526921

SHA512
3b75bb69f87a2c0969b64bbda5606f459e570644e27399125875a238e327a040ee4690c2da34a8372a5479870de2a9b18e603022d997940e4fff00ee380c4e22

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
144KB

MD5
eb55123f388c9ad8198fbe42d54c7d75

SHA1
d6480ece2e56091b06b9182d565915781dc2cfde

SHA256
610583a2db951e51d3e52139756d18fe99a00b74a4498ede26ef086f85624a98

SHA512
cc4bff467131fab9695905df3ead418ff11a5a8418bf0cbd230f2bafbb00caaa9d01e6bdf50cc9d0c0f60343f889997c6f7f0dc319f4e3c71384e8e60acdb233

Download Submit
memory/2824-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2824-1208-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads