2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704

Analysis

max time kernel
135s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2024, 22:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
Size

46KB
MD5

b723eb0fd6a232b4fbe47dcc5b4703d0
SHA1

2d5806e3a46721c45ca807f882be3c929ff45daf
SHA256

2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704
SHA512

f39582ec249a7538199ddcd5e778b9c9678c64f4ca77dc19431f8ccb8ff0ce71e37b403daa50fb37d7ec4924ff2850858328d174f16c9a5277c0374ed60c184f
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzw:CTWn1++PJHJXA/OsIZfzc3/Q8zxO

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4616) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1992-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x00060000000168ae-6.dat	upx
behavioral2/files/0x00080000000235ba-2.dat	upx
behavioral2/memory/1992-928-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ppd.xrm-ms.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-pl.xrm-ms.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected]	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ul-oob.xrm-ms.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.Edm.NetFX35.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ppd.xrm-ms.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymt.ttf.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XDocument.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ppd.xrm-ms.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellModel.bin.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\javafx_iio.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_es.properties.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glow Edge.eftx.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome.exe.sig.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\GroupRepair.png.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClient.resources.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Accessibility.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-phn.xrm-ms.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\ReachFramework.resources.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_school.png.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Permissions.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.resources.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\lv\msipc.dll.mui.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\libpng.md.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\LICENSE.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ul-oob.xrm-ms.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.resources.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dcpr.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClientSideProviders.resources.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sw.pak.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcp140.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ppd.xrm-ms.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ppd.xrm-ms.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Xaml.resources.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Xaml.resources.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClient.resources.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\glib-lite.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_PrepidBypass-ppd.xrm-ms.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-phn.xrm-ms.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2iexp.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunec.jar.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-180.png.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\es-ES\ieinstal.exe.mui.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.Dialog.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\concrt140.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationCore.resources.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsFormsIntegration.resources.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4024,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=3936 /prefetch:8
1⤵
PID:896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

Filesize
47KB

MD5
d33e4155e24a1401cd4b779b59ef47c7

SHA1
0564e767f6f33bf02b7c541c33cbd8c86a8f5125

SHA256
16cc0c571b366e1f202d4e8a2ce13402321f37d99abbe1cf24e2e1bac4249717

SHA512
f9556a294a93a71d75e1fdab2f7ca3a9daca7fca97042a8f5c98424252a50d34c174f1f0e76cef4ff6ced9ce74443ba6bdbe6178d1d5113bae3b490c128b054c

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
159KB

MD5
b714447320b4308695be7c3a658c41ef

SHA1
e6f6078ccb3709e87fa7745f4e68405dca04337d

SHA256
ca3e8706181b30958932422c2de3959a61bff36a4319eff112ffc12082250c73

SHA512
19eeaceb5099404a3a9bce106fc94ad08b7cd14edd35b549fdddbc85169bcaddbd35cbf39f65ac81ffcd314d585ffa83acfeb24f28c82c121cd4e6ef75d79233

Download Submit
memory/1992-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1992-928-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads