630c73dd82801009d075aa5733bf25009fe38a3aae8216b0b4ee349747c5aba6

Analysis

max time kernel
150s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 14:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
Size

135KB
MD5

18fec11e98818d07127b3b57b53944c0
SHA1

51152cfa767a91fa713607cf4644ba3e63f3c43e
SHA256

630c73dd82801009d075aa5733bf25009fe38a3aae8216b0b4ee349747c5aba6
SHA512

aeace992fb68df0b32174b342671e465e33f11e9e34a1480ebd336af8e1a76a7737263b01081987714e9bd486953a598138b39e3c305bf0836f4f37deb6173e8
SSDEEP

1536:V7Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSC2:fnymCAIuZAIuYSMjoqtMHfhfagP

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4829) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4456-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0009000000023297-2.dat	upx
behavioral2/files/0x000800000002296e-6.dat	upx
behavioral2/memory/4456-1742-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ppd.xrm-ms.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Tracing.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClientSideProviders.resources.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\README.txt.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationNative_cor3.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\mesa3d.md.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ul-oob.xrm-ms.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Algorithms.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteNames.gpd.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Formats.Asn1.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClient.resources.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationFramework.resources.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-pl.xrm-ms.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\lt\msipc.dll.mui.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklist.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-140.png.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jdwp.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\el.pak.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7.wmv.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-oob.xrm-ms.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-0.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash.gif.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Memory.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationUI.resources.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ul-oob.xrm-ms.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Graph.exe.manifest.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-pl.xrm-ms.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-phn.xrm-ms.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ul-oob.xrm-ms.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\zh-TW.pak.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-oob.xrm-ms.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONGuide.onepkg.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-environment-l1-1-0.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Pipes.AccessControl.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\tracedefinition130.xml.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.DriveInfo.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Loader.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationCore.resources.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\ReachFramework.resources.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-pl.xrm-ms.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack_eula.txt.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationCore.resources.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-time-l1-1-0.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcp120.dll.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwcapitalized.dotx.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL044.XML.tmp	18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\18fec11e98818d07127b3b57b53944c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

Filesize
135KB

MD5
a5349451af51eb6c40cdf266d5cdf32e

SHA1
707b73d06f4a3c26e6ad08d603e7d4e170e56c43

SHA256
ef1b50ba31a3c9c68a3cfac1c52945858da6fac02c53af0900747dcecad1654b

SHA512
e02a175bbd5ef3b1ec116bc78271dc1e2d1c3e729b4bc8860e51b7dcad0e299405e98e15efcb42c1d21303d7c76c49b39f1c43b05f5ac86c5dd1e29f70e7c720

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
234KB

MD5
f224c1ca6f1a71fbd9b88eb1d9e79345

SHA1
6596cd24695420513f7e797c69c16cfe99663bbf

SHA256
d57c27e6c9615d5953522cb7e318a6317c8b8a2a51b1c879f7938781546a69f8

SHA512
56b47bdb1195e6f517ce608b3349b111c83b83c854a6bfafd00300b7853b18213fe4ebbd1ee94cb352c7f22c9b0d49b9f6ec071db01450329db39fa5b55fa956

Download Submit
memory/4456-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4456-1742-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads