b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3

Analysis

max time kernel
150s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 15:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
Size

62KB
MD5

e9bb5cebc7cbe732a3b3e1a9b5c1dbd0
SHA1

114249a01aea2fc062c430203c3af7804d1e0ecb
SHA256

b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3
SHA512

48bb776b12a7aec4d261b3620968c747143352fb5f68d4dd8f3462d37bedec170164843c0b15b759ff5fad7991e33b6966f23d6d78b64d9ec84f92f7138e360a
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwABT37CPKKdJJxdPO9OtTwR:V7Zf/FAxTWoJJ0TW7JJQOm

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5256) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4108-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0008000000022f51-2.dat	upx
behavioral2/files/0x0009000000022979-6.dat	upx
behavioral2/memory/4108-1962-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOHEVI.DLL.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\powerview.x-none.msi.16.x-none.tree.dat.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\vcruntime140_1.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Georgia.xml.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-phn.xrm-ms.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Permissions.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-phn.xrm-ms.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-pl.xrm-ms.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2String.XSL.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelFluent.White.png.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Xaml.resources.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 8.0.2 (x64).swidtag.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-pl.xrm-ms.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-phn.xrm-ms.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.AddinTelemetry.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Resources.Extensions.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\ZeroByteFile.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_core.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoasb.exe.manifest.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.Design.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.MDXQueryGenerator.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Writer.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-oob.xrm-ms.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.SapClient.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f4\FA000000005.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL082.XML.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.resources.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Queryable.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.ServicePoint.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ppd.xrm-ms.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql90.xsl.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe.manifest.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\REFSPCL.TTF.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.UnmanagedMemoryStream.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClientSideProviders.resources.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ppd.xrm-ms.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ul-phn.xrm-ms.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ppd.xrm-ms.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ARIALNI.TTF.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\GIFIMP32.FLT.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-locale-l1-1-0.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Memory.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\ReachFramework.resources.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash.gif.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\sunec.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ppd.xrm-ms.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Exchange.WebServices.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.dll.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-180.png.tmp	b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b090ce92496041910c1f17b7c3c4876207dbb10d8b61054f6ab7f0c80bf53da3_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
62KB

MD5
c4c7855d7fbf8e00657646bb29dab3f2

SHA1
e764ec9cf8a719f3fe177d8df910b1e9114a606e

SHA256
d3bf914c55d6ee6e8167d4dd45b57fd9039fd25b2f12d4919f25be824e601591

SHA512
4bdb31db5173ad89d0055bfda9fe20d58e863551eab1fa9c457f51715065bccef4bfc2ee1cdfc0434e927a7d0fbd847f7cad8f5a1bd98da4dbb3410d9cb4a8b3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
161KB

MD5
3b1caadd8fc65f4f3438f9e49ee2bbf9

SHA1
3119140e0eddcd6cb356581519fcc3da6b09f975

SHA256
21211956d16c06c573a6b1ef1ba217b29adb8f18a87bca6194a8f060b2fef23f

SHA512
bf6c7a22ef548102febe5259db15dddd4bc247fc77f22ac022158b336bf509469fcb113f275779750d48b6507fdcd2faac5e68d478dc24a26ecd6a3a493ecced

Download Submit
memory/4108-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4108-1962-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads