c21b03bec7a6314638a85162059a5ee53c2df60d07089706e4864002a39a77df

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
Size

70KB
MD5

886effe70b5dca28ced14cb2c5ee3720
SHA1

5f1c099a726cfdc4439ca61800bddbe4c4fb53f0
SHA256

c21b03bec7a6314638a85162059a5ee53c2df60d07089706e4864002a39a77df
SHA512

052b0e5a73258693d38c6214745f2ec66f8edaf7bd0f179010294f4ed4cef89b94d76246ab1f6040c2ce18b2c2c204e8786a8603dd42897742454cc25a12611a
SSDEEP

1536:a7ZyqaFAlsr1++PJHJXFAIuZAIuoJIFH4JIFH4:enaym3AIuZAIuE

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5252) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4788-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000a00000002328e-2.dat	upx
behavioral2/files/0x0008000000022970-6.dat	upx
behavioral2/memory/4788-1956-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-heap-l1-1-0.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Buffers.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-string-l1-1-0.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\java.policy.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ppd.xrm-ms.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ul-oob.xrm-ms.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ppd.xrm-ms.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSIRESOURCES.DLL.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\otkloadr_x64.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Primitives.resources.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Design.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2iexp.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\classlist.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-pl.xrm-ms.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\ucrtbase.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-pl.xrm-ms.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-100.png.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONFILTER.DLL.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.Editors.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebHeaderCollection.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\PersonalMonthlyBudget.xltx.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_common.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Top Shadow.eftx.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-100.png.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-runtime-l1-1-0.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XPath.XDocument.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Xaml.resources.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\EventSource.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-140.png.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceModel.Web.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.ZipFile.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-pl.xrm-ms.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.runtimeconfig.json.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\ReachFramework.resources.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Milk Glass.eftx.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.Lightweight.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Design.resources.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-pl.xrm-ms.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXC.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatchingCommon.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\powerpivot.x-none.msi.16.x-none.boot.tree.dat.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.NameResolution.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\TrebuchetMs.xml.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-pl.xrm-ms.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsym.ttf.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
70KB

MD5
768695162496417e8f2a9fa2c90f0678

SHA1
f445054d5b4ff1eda882bba241809ff9de7b19a1

SHA256
92cc1eca6277837cf2a3e894abedb4f943ae3ef3bb15e5a6ec3c16d54599bb37

SHA512
91086d82e0592fd248e78e433b246ad13523dc9a85fbea0deab6382e91911e4741c0da1b9b0f19a20a2186581808d4646ad3cf3bcc271895fc4bd81add5c3740

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
169KB

MD5
5693b5261796bda95b0abf843dfc0451

SHA1
52fad7b088f74203a549b79be615951dbe3268f1

SHA256
9a193dcf540d2fe4bd2c9e0ff463719baa0c7fe899d9c61465058bb293ff61ef

SHA512
474b83c4f3dd0d8aacec5022f9e84f65f062ec1f143f6742fab058e3f9e4f3bcb7ea6419259cc7e0907a8a72639acee3e4bf60c399ced3ca4a9f15bbbc8d2a33

Download Submit
memory/4788-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4788-1956-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads