35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 04:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
Size

83KB
MD5

e01dcae3e48fd0e70a8711ebb7d1db60
SHA1

ed216ee13cc145ae3f57532a19752b75f58107ce
SHA256

35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08
SHA512

21f4a5e0d4f9fd3b2dbec87556b38b179f3490a1d33412e8b4d2de7c13b48c12bb61c382c1633aed5aa379ab434b4925987d8ee3e87a57655288ebb84820489a
SSDEEP

1536:a7ZyqaFAxTWH1++PJHJXA/OsIZfzc3/Q8zx1:enaypQSos

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5101) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3016-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx
behavioral2/memory/3016-1824-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Quic.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsFormsIntegration.resources.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatchingCommon.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\webkit.md.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ppd.xrm-ms.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG.HXS.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Algorithms.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.runtimeconfig.json.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstack.exe.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul.xrm-ms.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-pl.xrm-ms.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7ES.LEX.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\ConfirmUninstall.mov.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationFramework.resources.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationFramework.resources.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\tzmappings.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-pl.xrm-ms.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\REFEDIT.DLL.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag.png.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationProvider.resources.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ppd.xrm-ms.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-phn.xrm-ms.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-180.png.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClient.resources.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ppd.xrm-ms.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\FOLDER.ICO.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogoCanary.png.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\joni.md.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART6.BDR.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.OpenSsl.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.SecureString.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.DriveInfo.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Registry.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.resources.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Primitives.resources.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-localization-l1-2-0.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-oob.xrm-ms.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-oob.xrm-ms.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcp120.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\plugin.jar.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationCore.resources.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsFormsIntegration.resources.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\dnsns.jar.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.TypeConverter.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.DataSetExtensions.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Dynamic.Runtime.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Design.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ppd.xrm-ms.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-pl.xrm-ms.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-100.png.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\gl\msipc.dll.mui.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_pt_BR.properties.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Corbel.xml.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER32.DLL.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
84KB

MD5
87fa2b51c434fcdd2c62817eea0ce067

SHA1
b8eb5fcc125353786e161dd913793954e21a5c39

SHA256
82763a8edf27340e6f033e43e014e423390df5bdfeb284525bcd265d1d1d2c5c

SHA512
4f0b97c9552ef692ff5c796b01499cb14343e8d4054290202382010e1eeb1eed94dd27c0de478fcd6286fb7079622fbc686a1cde584beabf923991b6c650c790

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
183KB

MD5
55c5bdb57ef448e91211b77ac98cc785

SHA1
287ab72527ade74e9fd05dc50463b5e47a6abb18

SHA256
540ea49159f918de8d637e0cef43fb9d46cd91c7f45175cb6ef583de73f47b9f

SHA512
1204cccafaa913ba3d41aad9d3f8be388a35412f8e94619e956ff9cfda864381a89aa48157b35ee948296934bc1ee7e057d43db281d1f1e958a3f802d8cfdec1

Download Submit
memory/3016-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3016-1824-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download