3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 06:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
Size

47KB
MD5

f73f1d5ef26ed645ba88a11ed0f25a20
SHA1

1c4496525c02034eff379f487545d40aae56c5ba
SHA256

3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e
SHA512

a174710cc34c096ab39044d3afa54d92b9f0ee91472c627ff94e3d3216304bac9c87d8e0811146ae9bc1e913f9331291e63ac67776fb205b37469a7a96237253
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJjtf8WUtf8WZCqCT:V7Zf/FAxTWoJJ2WjWZCqCT

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4838) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4968-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0008000000022996-6.dat	upx
behavioral2/files/0x000a000000023419-2.dat	upx
behavioral2/memory/4968-1732-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\en-US.pak.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\vcruntime140_1.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-ul-oob.xrm-ms.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-pl.xrm-ms.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-pl.xrm-ms.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul.xrm-ms.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.CSharp.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClientSideProviders.resources.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ppd.xrm-ms.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-100.png.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.HttpListener.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\jni.h.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.DataAnnotations.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-pl.xrm-ms.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PEOPLEDATAHANDLER.DLL.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ul-oob.xrm-ms.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Watcher.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebProxy.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Xaml.resources.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ul-oob.xrm-ms.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-phn.xrm-ms.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-phn.xrm-ms.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.CodePages.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jcup.md.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linessimple.dotx.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSPPT.OLB.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL102.XML.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Extensions.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHLTS.DLL.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\SQLENGINEMESSAGES.XML.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONGuide.onepkg.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\fi\msipc.dll.mui.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationProvider.resources.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ms.pak.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ppd.xrm-ms.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ppd.xrm-ms.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Primitives.resources.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-pl.xrm-ms.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ppd.xrm-ms.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NetworkInformation.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Xaml.resources.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-xstate-l2-1-0.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-pl.xrm-ms.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-140.png.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Watcher.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OMML2MML.XSL.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\msvcp140.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-pl.xrm-ms.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
48KB

MD5
aa402580dff5db2caa9a2cf46313aa6e

SHA1
73b41723dfcd5cd00eb1815e4c2743bd1ae5fb29

SHA256
879ef07a90a6fd3cd00d77efc66ba9e72b8e5d3b203ab2962f8db996abd032e6

SHA512
4aa393ba7b60db887450191c3611133c787d71b25eabd09365a3fef94de8c9d01ef3ee4077fd7b5a4d99b2f6d35fcadff47079f2c5be013eabc6225167f29e42

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
146KB

MD5
89f29672827eb468047df5dca1b653ad

SHA1
5b80290d7e888243758ca2768cd7e2d5a027b0cf

SHA256
a309cf8a17854e67330a5e473f6a50e5974bcfffd7eba46cf1e568dcc2e19b19

SHA512
dec6acc856eea211d86007bee6fcd894974e99a2272b08a45008e4628c243d3d1e0190451ef18eb9d97d136c220b46b4505c8f7808f85eee105180d00fa57b93

Download Submit
memory/4968-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4968-1732-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads