3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095

Analysis

max time kernel
11s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
Size

67KB
MD5

91301cf001c43df03569472355b138b0
SHA1

f7e4cefc7c4d57e9169198b21addee796208d0d5
SHA256

3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095
SHA512

066e4851d1fbd3d21caad4de39d3a94b9cfdc16f01538d62980a3e3ca5a736786eb907de33c29d990af62407078b8636e528744f7c5e23986515e077293d5262
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8m:fnyiQSox

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (222) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1292-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\Program Files\7-Zip\7-zip.dll.exe	upx
C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp	upx
behavioral2/memory/1292-1590-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\BlockRedo.wmf.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\CloseConfirm.potx.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp	3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3081ab66c95ca3a9289c23ab49f6c537f818aacc297b3839bb8a5c52eb083095_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp
Filesize
68KB

MD5
aee68f195b9529c87761da7c41f5e424

SHA1
9cdf7352d505b30948aacfdadc475f0c9f586900

SHA256
513bc1dde899ad198ae1c47bf6a79e40fac0c8a80ef4e7603ec25f4110873edb

SHA512
722350219118f2575aeea20b0d13aad8a4efd19aa09db0bac107e651947bac12c0d6949461d793f027bc770a51d1586e9101eac503c3baf87dc31e8582e990a6

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe
Filesize
166KB

MD5
4518bad73a4352723030247ed02a5033

SHA1
9c793a78a39128d08c147cd91096b4db9e42a308

SHA256
b1839774bee8204463a5d1b54b972adbb1dedb100d6ebf0ee66a786b72751334

SHA512
a4417944f9c2f1a53b7bfb2d47f6f4218031c4da9966692264a3b462151aac7f64244062275e83e7e8c67223cbb67e12996443369c30107f12ca27977a990af9

Download Submit
memory/1292-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1292-1590-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download