4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66

Analysis

max time kernel
150s
max time network
60s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 09:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
Size

47KB
MD5

aa8b77bc1b53c7b6aa9c65d289614cd0
SHA1

013c06b30ac1ace87a0eb926372c333da612361e
SHA256

4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66
SHA512

cc85634c2b224ed13f6718319ae6fe3716f390cd0a18247a09cc3dc72efdf898d221bc0e9349299c76cad7e692f7ed19a0a1389bf542aabbeafc1deadcdbc329
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzo:CTWn1++PJHJXA/OsIZfzc3/Q8zxK

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5248) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2272-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x000500000002328f-2.dat	upx
behavioral2/files/0x0008000000022970-6.dat	upx
behavioral2/memory/2272-1216-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\netstandard.dll.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet II.xml.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-conio-l1-1-0.dll.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ppd.xrm-ms.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\McePerfCtr.man.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\index.win32.bundle.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.Local.dll.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.dll.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationProvider.resources.dll.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul-oob.xrm-ms.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationFramework.resources.dll.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL016.XML.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-oob.xrm-ms.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHLTS.DLL.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC32.DLL.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\MSO20SKYPEWIN32.DLL.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Formatters.dll.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-pl.xrm-ms.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul.xrm-ms.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ppd.xrm-ms.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.dll.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationClientSideProviders.resources.dll.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\java.security.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Xaml.resources.dll.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\glib-lite.dll.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-phn.xrm-ms.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINCORE.DLL.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AppvIsvSubsystems64.dll.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\DocumentFormat.OpenXml.dll.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ppd.xrm-ms.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ppd.xrm-ms.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicelegant.dotx.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-phn.xrm-ms.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\osfFPA\addins.xml.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN114.XML.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.CoreLib.dll.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Primitives.dll.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\policytool.exe.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Input.Manipulations.resources.dll.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\ReachFramework.resources.dll.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic.xml.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.AeroLite.dll.tmp	4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4e6eed8e4ee841df60c617d5c8b166ccf44d689c73524e444f4cdb7b804a7c66_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
48KB

MD5
dea93587f6469fcc7b63b0a0a75f8c71

SHA1
dcadab090e38f2ac653d74e17f8f413139c663f6

SHA256
1d362a9d0d813fd77256fd43484635c3028ca6ed1f9b738b1f920565c8cb14ce

SHA512
ebbdcffe4be6fafec5a021a893d8c3f481468c6dbc0bd5538013950081ec1fa522b85af59dfea1e92846a481af9afa2fe6db481d90a309800bb0ad120eb1ae90

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
146KB

MD5
bc8431f68402f21e68f7bb312a056721

SHA1
61257c4247c119f109487a37d5ea5203201c7ad9

SHA256
7cd54d14c6ba83859c9e8c3ac887804a9947e343f93f96788bc5f05c6c6ced24

SHA512
d7e501963e18de8ded28fef9131ba60764b27583727f21b82e0e416a80c5fd56721d9321e752caed284a62be6484790eb91251ea3b4482c8f09054149722db65

Download Submit
memory/2272-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2272-1216-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads