273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8

Analysis

max time kernel
149s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 22:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
Size

96KB
MD5

3158adea5922ec16506640c8c04832c0
SHA1

086963068e95334321f28be2af04ef697dcc997d
SHA256

273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8
SHA512

00c4ea7399c2cb30651ff9753b6dc3fc0c3cd61b1002a2dcf39ae2e0b23752e289776d9d6a8f17b5eafc80d7fdd5a78d43c6dfba41fdaff6fb011b9c918fcd06
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxtjm8sH:fnyiQSoojmHH

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4814) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2664-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000700000002328e-2.dat	upx
behavioral2/files/0x0008000000022970-6.dat	upx
behavioral2/memory/2664-1776-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Formats.Tar.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsBase.resources.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOCR.DLL.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tracing.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\zlib.md.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Times New Roman-Arial.xml.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ppd.xrm-ms.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbProvider.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS000A.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.CSharp.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationFramework.resources.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-pl.xrm-ms.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.DataAnnotations.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.SecureString.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ppd.xrm-ms.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-pl.xrm-ms.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Concurrent.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Warm.xml.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clretwrc.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-pl.xrm-ms.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-140.png.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT-Rockwell.xml.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\Integrator.exe.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.DLL.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Primitives.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.NonGeneric.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Primitives.resources.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.TypeConverter.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as90.xsl.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul-oob.xrm-ms.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-pl.xrm-ms.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClient.resources.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstack.exe.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusDemoR_BypassTrial180-ppd.xrm-ms.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_clienttelemetry.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Primitives.resources.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-bridge-office.xrm-ms.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\LICENSE.txt.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-math-l1-1-0.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Grace-ppd.xrm-ms.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-pl.xrm-ms.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.COMMON.DLL.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MINSBROAMINGPROXY.DLL.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.resources.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Integral.thmx.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-oob.xrm-ms.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-pl.xrm-ms.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationFramework.resources.dll.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-140.png.tmp	273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\273c46466c21b6d15e8a2caaa7afac35198b0e3a6da7938f3fe5155705f15aa8_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
96KB

MD5
4149703703a0af842c0da7505647a327

SHA1
6aaaff96f56d8ecde8b5c07d273d345731c785a4

SHA256
a5ff31e42264c199450045e8fa074d70f141d64872a839818d434a5747cf4eb8

SHA512
1949cb6c951100f153c8e4ac5205cc9725a4792793bdaa6c06b4b0e0f112653efe442b6966f2c46d0585ca848b679505d18884e484ec37051efd7e548ddc226f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
195KB

MD5
c315c200688402c092aca454eaaa0d67

SHA1
8132414e1bbbee88c666de0d6602caf15f7adc09

SHA256
032098e31d6b521878240e5d407134ca18b923a18262066c967c3ce412a470d2

SHA512
1d7a9eb8606f05520f205218bb2ccb55f5e07e97e40c47747b4e8a1e253b683ad5ce90c266075b9952b7b064b90a223e61659dc62fd2601c6a14eb561fbf0749

Download Submit
memory/2664-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2664-1776-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads