35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca

Analysis

max time kernel
150s
max time network
66s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 04:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
Size

90KB
MD5

68e913b13d50f12fd938b8cf579985e0
SHA1

d6f12dc2916530aa9221ebed7ce07995f5b3e013
SHA256

35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca
SHA512

b454f1cf5bfe6a610f7209af21f35ea0ce8ba4a3497bedb0781b7bfce57d545d9253befddd4203e157a6c73b8c07b5a795794715cd8e514312f6d7eee77a6470
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsJOVYd7n97nF:fnyiQSohsUsKY5ZF

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4864) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1448-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx
behavioral2/memory/1448-1804-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Watcher.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ppd.xrm-ms.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GFX.DLL.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-80.png.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TextWriterTraceListener.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tools.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-pl.xrm-ms.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationProvider.resources.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pidgenx.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-140.png.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JavaAccessBridge-64.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-pl.xrm-ms.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-ppd.xrm-ms.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-pl.xrm-ms.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-pl.xrm-ms.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CHIMES.WAV.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Pipes.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Controls.Ribbon.resources.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\dynalink.md.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-timezone-l1-1-0.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CLVWINTL.DLL.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklisted.certs.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul-oob.xrm-ms.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryDashboard.xltx.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-80.png.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL121.XML.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN090.XML.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-phn.xrm-ms.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ul-phn.xrm-ms.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OAuth.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\vk_swiftshader.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-pl.xrm-ms.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHSAPIFE.DLL.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfr.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.IsolatedStorage.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.Primitives.resources.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationFramework.resources.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul.xrm-ms.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-phn.xrm-ms.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYML.TTF.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.VisualBasic.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsoundds.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-180.png.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationCore.resources.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationProvider.resources.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.SecureString.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp
Filesize
90KB

MD5
5ff35b6bbdff1b68c84e566d6d5f6f03

SHA1
2896a9931ac604c2abc3009fecf4b9ddfd71d91a

SHA256
be1de95a2786800af2278d0a2ce1d2ac906b81f4a329e79af0257937d8fee527

SHA512
328e08bae0ce34ba98faf51f0c8f84ef72385c2886e995ec6a60d8453d69c36c12f7f2281ce843677cd33f994484f832ada79cd128066e9a8b832d4809a06cc3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
189KB

MD5
0d3a2b4fa554ddeb10e0b496bc71fc40

SHA1
872b510a26cddf795203e2ee7267c84eeaf8b730

SHA256
0fa62f27e274b7935e31d036dfd6c2d0cfb97d8b6196c0b85580399f9efe5fa0

SHA512
7176df3fa43d4e3d83c273e792a41c09836d1dfcf284875818d9b9232b9538d6ca803d5b87e205daa0056501d37e46cc234ba1f0b891dc903bc3009c9fd34886

Download Submit
memory/1448-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1448-1804-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download