35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9

Analysis

max time kernel
149s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 04:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
Size

54KB
MD5

65512d72ed3012bd8d9470bb61c113b0
SHA1

628966932d3ecf3b6eebb7244821cabfa957f0d0
SHA256

35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9
SHA512

1a913f669f5a7cdfcd126938d5b781a468ccb5b46b8d9bcdbc566a6ac0225f8fa8caf8b0b25f8a5c7e648377da638165e3fae6839ac3b6f2d0b624de2b08d13b
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8zx1ev1wcw6RHR9:KQSo/1wcw6RHR9

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5026) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/748-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx
behavioral2/memory/748-1052-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Xaml.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\sRGB.pf.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ul-phn.xrm-ms.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\vccorlib140.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ul-oob.xrm-ms.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationFramework.resources.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationUI.resources.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\awt.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Violet.xml.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ppd.xrm-ms.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msvcr120.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationProvider.resources.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-pl.xrm-ms.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-phn.xrm-ms.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-80.png.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOADFPS.DLL.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OMRAUT.DLL.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\ReachFramework.resources.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ppd.xrm-ms.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationProvider.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationProvider.resources.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-pl.xrm-ms.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationFramework.resources.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\release.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteNames.gpd.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.SecureString.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\LICENSE.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-synch-l1-1-0.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Linq.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.DirectoryServices.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pl.pak.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-pl.xrm-ms.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsFormsIntegration.resources.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Primitives.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul-oob.xrm-ms.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\client_eula.txt.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN010.XML.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.AccessControl.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Buffers.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ppd.xrm-ms.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-pl.xrm-ms.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-datetime-l1-1-0.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Controls.Ribbon.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp
Filesize
54KB

MD5
95c5616dbd1056f5d360570c4a412aaa

SHA1
da8ffa61e2f64f695dbf9d20b7d66bf2effa6865

SHA256
8807b2bb57622f868b6c9d6a837edf78ba18cfd7a08aee661845a7ca3feef9d3

SHA512
138e6fa2db0932fb43386c70dc1199c2d81467bc91cd6e0d04f6e181d623dc0ab5b7369a7af244298afe4630b6f4b4e8f5f193cd06d43858d66aefe444df2579

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
153KB

MD5
98808b655c083bebba449b523619593c

SHA1
f8973c6664032d3219fca6e4e298fabe232876a5

SHA256
f0198cc54f101b4c4fde0e1cd346bbb0e514c777f6996868b9fb3194a8737391

SHA512
3fdb54375950170407d0821a371baa3dffa7bfe5161a171d10c9abb672af87025ae30c6c90e02c2c9d13d3cb277f3c4a7b45d6a009b3ea230af322466aa18104

Download Submit
memory/748-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/748-1052-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download