878ddecf3efda6ed1958fd790883f807975dba3eb7511926fd95ce1af251c5c8

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 05:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
Size

63KB
MD5

207a28fa3bfa3b0e43844ab9b797ccd0
SHA1

7e953e3347dc2398cc5ffe6bc9fdea353adabe30
SHA256

878ddecf3efda6ed1958fd790883f807975dba3eb7511926fd95ce1af251c5c8
SHA512

479bb561eaccad5a1347e05480cf487d6961d690dc50e0511d7b3ed812f2040eecf37ab060cac44a78b2132d7411969206a7a3677919ef8c8ae157028bc303e2
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZBX5WX5sJUDJUX:+nyi4MS

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5325) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1724-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000d000000023383-2.dat	upx
behavioral2/files/0x0008000000022970-6.dat	upx
behavioral2/memory/1724-1988-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore_amd64_amd64_7.0.1624.6629.dll.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Input.Manipulations.resources.dll.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ppd.xrm-ms.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ul-oob.xrm-ms.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-oob.xrm-ms.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ppd.xrm-ms.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCONTROL.DLL.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationUI.resources.dll.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ul-oob.xrm-ms.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ppd.xrm-ms.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ppd.xrm-ms.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT.HXS.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-1-0.dll.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationCore.resources.dll.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationClientSideProviders.resources.dll.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\resources.jar.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Office Theme.thmx.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-pl.xrm-ms.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ul-oob.xrm-ms.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-phn.xrm-ms.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-phn.xrm-ms.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-utility-l1-1-0.dll.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GFX.DLL.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Unlock.White.png.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.XLHost.Modeler.dll.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_PrepidBypass-ul-oob.xrm-ms.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ul-oob.xrm-ms.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXC.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\Built-In Building Blocks.dotx.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\ReachFramework.resources.dll.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.PerformanceCounter.dll.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\icu.md.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Xaml.resources.dll.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationCore.resources.dll.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\cldrdata.jar.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ppd.xrm-ms.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-pl.xrm-ms.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-phn.xrm-ms.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationClientSideProviders.resources.dll.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sunec.dll.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ppd.xrm-ms.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ppd.xrm-ms.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\LoanAmortization.xltx.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BOOKOSBI.TTF.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationUI.resources.dll.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-string-l1-1-0.dll.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\fxplugins.dll.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-phn.xrm-ms.tmp	207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\207a28fa3bfa3b0e43844ab9b797ccd0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
63KB

MD5
fe319b727bfa096799a4c012c633dd20

SHA1
204fa87ee9a462b2430d9d5669f383fc7367121a

SHA256
59c565db964f38965c3ca392ece62fab3f110575bb84b979f30610f26f361509

SHA512
ef5e34a211689f2a9a48ca918c6400874cdaeb2581c999db7dcab34510d76603a1767a6b2ac02257336bf15f84f000214d09925d1bbf1025b7b06ded74016661

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
162KB

MD5
544dddbaa9b430db873afda38ed63575

SHA1
eebbfbce4b8fe184b58107d945db95a3537d08ac

SHA256
d17c22bd189f8c3c8538bb9825143d83d5c8dbd13e208091aa470d26a7849a6c

SHA512
1e860ee0b97a828c4439b10e1d44cd959d21e18e5339d917c088f40eee01715894e524d38c4f630c6ee4fd702b0587b2c840dd9cdede01e5443eb01fa57c744a

Download Submit
memory/1724-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1724-1988-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads