3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095

Analysis

max time kernel
55s
max time network
125s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 03:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
Size

67KB
MD5

91301cf001c43df03569472355b138b0
SHA1

f7e4cefc7c4d57e9169198b21addee796208d0d5
SHA256

3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095
SHA512

066e4851d1fbd3d21caad4de39d3a94b9cfdc16f01538d62980a3e3ca5a736786eb907de33c29d990af62407078b8636e528744f7c5e23986515e077293d5262
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8m:fnyiQSox

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (196) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1252-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/1252-62-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\ApproveConnect.AAC.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1252

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp
Filesize
68KB

MD5
68a527ad5da5123b3eb7bdbfd5a2da48

SHA1
e579905d99fa3d96a48e155ef183cb8c69d480d2

SHA256
8ad4bedc1d02127cdd5d0532b1540c8de27d5ae22c18aed84c9389953f52204a

SHA512
fbdf8bc93d9d135abe81655d7b60670fb351670fa0bdb483b35f4f534233244850644adfa02fece6ff093942e0b0ca9fdce5c942aa88cc927f16945370a877d0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
77KB

MD5
955c08b008e2c073bb281bce5bd47c0c

SHA1
d4d3e61e5170f27eaa97b5c5f520a6276e0e4b8f

SHA256
5010cb118e8a47a160b046ecdd949b2922f300684427a99f929093b00c321d41

SHA512
5fd5583c89d7d75131af9b175a48dfa7020e5d3e369568e789a768be498b6f980136452e19d7694dac3d6bdfb022ace996d1b1bbb9544bda6857e0afc1f7d71a

Download Submit
memory/1252-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1252-62-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download