330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec

Analysis

max time kernel
46s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
Size

66KB
MD5

780febe393568689c05883434fe68ae0
SHA1

a5202db88343d8f2bf1f99cf0a01788851e8a248
SHA256

330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec
SHA512

d35bee157ab4a75822f38e5b09dd5d8c476ff431649fb1fdb00a494f4635577827b3ed1844372ca54521ec435537cd83fbcdb3687704f9b3a023a30d46fcd975
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzy:CTWn1++PJHJXA/OsIZfzc3/Q8zxSLpM6

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (223) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1260-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/1260-1-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp	upx
C:\libsmartscreen.dll.tmp	upx
behavioral2/memory/1260-241-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\CloseSend.MTS.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.tmp	330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\330ce0d8644b658359ecdb0b8b37a96e760961eb46de3c4be6a4940cbcbecfec_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3952 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
1⤵
PID:3080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp
Filesize
66KB

MD5
fed607c44e2eb18046a30de985b4dd1a

SHA1
24238bbac11f9347814cd7d99d4ddd52a35a6a04

SHA256
a95727f1d02e26b2c090505a6af26886139b1292f80eba0d42f9810ba73d3448

SHA512
69fadd40dab8b04785d9113fb39605a86867f7c48499b08fda229c801af567cdfe4e5236ebbf06cc2660c2ad10ca3c1a5543b1e638e03b4374fd7b5b681e73af

Download Submit
C:\libsmartscreen.dll.tmp
Filesize
66KB

MD5
78efa6bc04ec73e661e2c31ed46ee350

SHA1
51670133c8c9f7707254242251dfd05264e123ae

SHA256
ef3eb857c56995254a923a5cc77f185c3d9878fa1cd633858239cbb4ad956a3e

SHA512
666bbb87afc74e31f0e2e8df6ee2dc2cdd621f4c328e296e8063a867c8c96cdf283187a179ef0401c7a40d9292e30b7f1b8ab9c53c695b902be6b4581171d474

Download Submit
memory/1260-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1260-1-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1260-241-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download