b7e29a75846beefcda8df88ca2595e8318b7615161edf0c3bcb3ee7dd228aead

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 11:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
Size

85KB
MD5

bbe4502c23f969ab58826057c58ac2d0
SHA1

c94ba259efcb18386378b9b2c163ed18cf9b6932
SHA256

b7e29a75846beefcda8df88ca2595e8318b7615161edf0c3bcb3ee7dd228aead
SHA512

b68fb611880c118bfeac28d5b17200af607a4e324b94c4746c83866e397f18ccca2de33d9e3aa91d38f974d007874d8145c2646bc91d198620d10fa19cbb7232
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2Io:fnyiQSohsUsWU9BK3o

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5058) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1520-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000a00000002327a-2.dat	upx
behavioral2/files/0x0008000000022958-6.dat	upx
behavioral2/memory/1520-1862-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\lib\sa-jdi.jar.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul-oob.xrm-ms.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_fr.dub.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sl\msipc.dll.mui.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-BA\msipc.dll.mui.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClient.resources.dll.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationUI.resources.dll.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jpeg.dll.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WWINTL.DLL.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.WindowsDesktop.App.deps.json.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsBase.resources.dll.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\ReachFramework.resources.dll.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\cs.pak.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\resource.dll.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ul-oob.xrm-ms.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.UnmanagedMemoryStream.dll.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationFramework.resources.dll.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xml.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PPRESOURCES.DLL.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_clienttelemetry.dll.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-math-l1-1-0.dll.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\ssleay32.dll.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN114.XML.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Xaml.resources.dll.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Permissions.dll.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-pl.xrm-ms.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Subtle Solids.eftx.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-ppd.xrm-ms.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ul-oob.xrm-ms.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ppd.xrm-ms.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-140.png.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-xstate-l2-1-0.dll.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul-oob.xrm-ms.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-root.xrm-ms.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\minimalist.dotx.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-100.png.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\zlibwapi.dll.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ppd.xrm-ms.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ul-oob.xrm-ms.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-80.png.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ppd.xrm-ms.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-pl.xrm-ms.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.SapClient.dll.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOUC.EXE.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Linq.dll.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfr.jar.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\dt_shmem.dll.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\COPYRIGHT.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ul-oob.xrm-ms.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_K_COL.HXK.tmp	bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\bbe4502c23f969ab58826057c58ac2d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp

Filesize
86KB

MD5
371630fe4857d37f230db168e26e421f

SHA1
46afc8aa5a0d71b2b09e66569e7d1800751f91d7

SHA256
597ee1ffee31bce53d6b87bdc91aa5546b3cb3e72f88d188b881c43d226cc44e

SHA512
b9dd36ce40af76df33bfbb0019b5dbfa3a1b4daefb30bec839a2cfd4f935c21e2123fb684c7366d89026f17a62ee876359519b6118702921570971db3b75ca59

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
184KB

MD5
e89ea9c162dd32ee576188030bdda9d8

SHA1
6bbb3a9f909da0af0231a069affe30c05a46d407

SHA256
c20b8b7db06a45407f9c45906be5555a623b8104a1f128b4b4ff1fd600a4f76f

SHA512
6f1d230c5e18c30f10810da3877fbf5d6adec3b370fdf2c19dee430d341b54e1d013d3b5adeecf1bcee9985b1b76dad3e62c966a5ff2a425a3ecf1d28f2f6662

Download Submit
memory/1520-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1520-1862-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads