03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8

Analysis

max time kernel
149s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
Size

135KB
MD5

e8a633b0588624f3d0155adedc3003f0
SHA1

ddd6390390a6123876057176072dd8338d2777fb
SHA256

03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8
SHA512

4e2f9881d375196fcea304c768a7158acfada24d6bec0125f71ec87653c8aea7269efe89e5fff170310580cf6ff4739963cda50838efdbb99565b7ee109e8cf6
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zx5858lTWn1++PJHJXA/OsIZfzc3/Q8Z:fnyiQSoo858RQSoo858d

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4841) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1468-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000900000002327a-2.dat	upx
behavioral2/files/0x0008000000022958-6.dat	upx
behavioral2/memory/1468-1780-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-oob.xrm-ms.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11wrapper.md.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l2-1-0.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\MEIPreload\manifest.json.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\FileSystemMetadata.xml.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.Core.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\bcel.md.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\fxplugins.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-ms.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClient.resources.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\policytool.exe.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiBold.ttf.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-phn.xrm-ms.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-100.png.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN103.XML.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Primitives.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationUI.resources.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationUI.resources.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\cldr.md.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ppd.xrm-ms.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-pl.xrm-ms.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.CoreLib.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\ReachFramework.resources.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ul-oob.xrm-ms.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.Common.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationTypes.resources.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ppd.xrm-ms.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-pl.xrm-ms.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Uri.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationUI.resources.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\DRUMROLL.WAV.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Contracts.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.OpenSsl.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Design.resources.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\net.properties.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbProvider.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Primitives.resources.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ppd.xrm-ms.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XPath.XDocument.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\classfile_constants.h.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Quic.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-pl.xrm-ms.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-140.png.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp

Filesize
135KB

MD5
2b1d7095ed8ffb1fa0627d0c313252b1

SHA1
b7cd64f0694c4caca61507941d4fbac15960bcf2

SHA256
98eb52faf7d74ea4d8e832eb7d6d4079ac6b02e7fd4a87b7dfe3bbe5dcb851a1

SHA512
2014477bfc91e35443f1f9447774e4868f0ca10d0cc31a1ab43cc8fb71fcd3e7cefb942b2a627c0e1fd9099030ba97c4b35d972cc42a4cb4246cec23e5182608

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
234KB

MD5
b8c04058c12c3bb6ed25e525dd3ee6b1

SHA1
11e5d06eaea8ffe74f4d627809f7472194cc8702

SHA256
8cb4eb49ed0b97b4ffc25eefeab0d2b62b80d01bb4fe2b7852da959ee9ee63c8

SHA512
aa85b2f888b10c2cd7f8f2a5bd38ceda3f9ad25f048bbeca2a22c270ed5bdb747a4428f1c6f1a1e077fffc805fe3b629305fe3a58a8e4532af8df9c559f3b6d9

Download Submit
memory/1468-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1468-1780-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads