3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913

Analysis

max time kernel
52s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 04:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
Size

56KB
MD5

051ac7fcd68e0c3b69a87f1ead94d710
SHA1

1d93b4dc232bfeb6c503ceac6a8d7663f11b6305
SHA256

3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913
SHA512

3feac3b35d9b09054b9dcf0f4e0f04a24ed5a15016b4a447f7fda40fd7122ba766e7bd01e196cfb37889e8998f98257c06e5dbe4ee7b39e55e7b0792fea7c3c9
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzs:CTWn1++PJHJXA/OsIZfzc3/Q8zx5858k

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (200) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/840-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/840-26-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3419ec503bab3c822a7f3439ec9f49f63b5031962191decd2d498edd75174913_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:840

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp
Filesize
56KB

MD5
9b39545ea4646def63be2630d636a86c

SHA1
3b41e990bfc79d8b33f3c44734e1a6140e6f8e25

SHA256
1c8402d27fb66dcd80bac019b191ac68720bcc2a0084e26d2fd7984dfa36cb3f

SHA512
6d8250a185446028e5e1973bce5302a39f6df6b1771b42e7af81960a1c12e718609cb59b3b985eedde7e2f74a848c4d3706c366b7974d0e3e920991fa454069a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
65KB

MD5
3e3312c507971295a09523f938c3a4e4

SHA1
dbe947c118223dd7b7cca9b9af6596a86db4ac84

SHA256
06f7a4d37ce706ce0ebf03f5b83822123b1f0d33d1e031dd0ab74fbac6447c51

SHA512
db1f5dd606b4b6c4373a7117f20cc385ef98990afc621cdbb704ce7c9911b3c28c7ab832e87ead8c820da1b5c00ac5cb43f2555438eaf593028ec22cd1b4b10b

Download Submit
memory/840-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/840-26-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download