4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1

Analysis

max time kernel
150s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 00:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
Size

91KB
MD5

0f9cd6f1d9ac34f091eaddf8e6a0acb0
SHA1

28853b6d45fb16922885c5784c937ef87ffd9349
SHA256

4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1
SHA512

dd7e83c289df311134f4e7e86b14c31c091d912a91d4e39f3d8add5d1da45a941a9a529ee5168f0aaf0918950f39ba14cadbae6d513582698bec10deb49e1e7e
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2ImLPLTa:fnyiQSohsUsWU9BK3mLPLW

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4949) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2812-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0007000000023381-2.dat	upx
behavioral2/files/0x0008000000022a75-6.dat	upx
behavioral2/memory/2812-1752-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ppd.xrm-ms.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatching.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\ReachFramework.resources.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jaas_nt.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\keytool.exe.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\local_policy.jar.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ppd.xrm-ms.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ppd.xrm-ms.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOARIACAPI.DLL.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ObjectModel.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsFormsIntegration.resources.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClientSideProviders.resources.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-ms.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ppd.xrm-ms.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-80.png.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Security.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ul-oob.xrm-ms.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_common.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\cacerts.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.Design.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\SPPRedist.msi.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-phn.xrm-ms.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ppd.xrm-ms.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebProxy.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\gstreamer.md.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-oob.xrm-ms.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-pl.xrm-ms.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PPT_WHATSNEW.XML.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\ReachFramework.resources.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationCore.resources.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ThirdPartyNotices.txt.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCONTROL.DLL.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-100.png.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Formats.Tar.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ppd.xrm-ms.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ppd.xrm-ms.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ppd.xrm-ms.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-oob.xrm-ms.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Common.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange Red.xml.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\resource.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-pl.xrm-ms.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationClient.resources.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-pl.xrm-ms.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ppd.xrm-ms.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\MSIPCEvents.man.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\vcruntime140_cor3.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXC.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini.tmp

Filesize
92KB

MD5
19c5613ba2043e43340784f2ab22fdd1

SHA1
824da148babae631ea74661cffb2ba3aeeced4c0

SHA256
d34f0a82df1ee4570eab141d2efed2627082b41aef87f7f7dfd838a284405866

SHA512
2a6acdd6d82a3217b4c680c2e626051a12f06464cadb5e5fb9b75cba7cdc247db8cc63fc4b4c1ae79649ca847661800bef5973a00bfec9e0e383a6de1dffb503

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
190KB

MD5
60d7b6a099962cc33c508624201b63d2

SHA1
8c70cde9631c0b0e4f2147dca9c0113b685a7926

SHA256
18ccfbe66575369adb95a7cc6fad507d0a98acc9e15352a40c895e6ca1acd885

SHA512
4c2696f93be0ddb0d22c4db0c34f96337f3e11230b5f8a28038b8c36c8e00e6ca96ee14ae66df0a424fb4fbf3cac45fef4ff164d138e01bed5d9440d52525d08

Download Submit
memory/2812-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2812-1752-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads