47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 07:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
Size

1.8MB
MD5

69a7c18e05a0b49ffb3a6fbc4c9ceac0
SHA1

29a612312ee8ff3e505883f01fcddd3d136db5c2
SHA256

47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d
SHA512

799b4fcfe575d778240a1a8e8264fafe2f96a0384c80b7db038e44f5faeb345f329871f952d69173b81e30a32d613cdf1c3ee44ae00e35d1d43d73d7abff770e
SSDEEP

12288:VQt8GwtIR0XEybX/aqvHIzckUPPyiwRoVGwhGARqOO:VIzjR0Uy7/XIzck0PzweFhGuqOO

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (1680) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4896-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0005000000022f32-2.dat	upx
behavioral2/files/0x0009000000022975-6.dat	upx
behavioral2/memory/4896-634-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Annotations.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PenImc_cor3.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsFormsIntegration.resources.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationTypes.resources.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.deps.json.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Dataflow.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.ProtectedData.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationClient.resources.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Xaml.resources.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.Json.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationFramework.resources.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.DirectoryServices.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Linq.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.DiaSymReader.Native.amd64.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Primitives.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Extensions.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Xaml.resources.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\ReachFramework.resources.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Primitives.resources.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemDrawing.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\.version.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Overlapped.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Input.Manipulations.resources.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.Json.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Input.Manipulations.resources.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-handle-l1-1-0.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\WindowsFormsIntegration.resources.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.Extensions.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.runtimeconfig.json.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationUI.resources.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Input.Manipulations.resources.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Native.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationFramework.resources.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationCore.resources.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clretwrc.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Json.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.ThreadPool.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.ILGeneration.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsFormsIntegration.resources.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsBase.resources.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Design.resources.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.Design.resources.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClientSideProviders.resources.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
1.8MB

MD5
3a28126429486e2d59ef4a3d73498cbd

SHA1
79a36c81e9e2a2a17d0d7a7df0ad4334f36431dd

SHA256
fabcedab7c894fee3f55525ed85e3f8311b2b229607658d231b2aebe3c75805e

SHA512
b80d987f3b78af7bd7854bf6b605c68c2a69fe56f79cda87558b2f57319721c144bb07770803e409c5e426b56008ed036a00e0e3720a8f4439d0ed0c5207e87d

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
1.9MB

MD5
8bb749687da829a7bfe41723da66ab3e

SHA1
21a1b26ae7650f8271abc1e310cb01fd9e9a4a5d

SHA256
ddd52a97bdcc545fbef9390103ca4ab565972a03896c5001dd39ce6be56f4ba2

SHA512
8cc039749fc2e044f76707f92d152fc81f968385b0d593660a29d59b6d532a65464c77ee1b92bb40f0fae3d527d84f2fbc5913385bc92d03889ca5d8bf43ee7f

Download Submit
memory/4896-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4896-634-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads