3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 04:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
Size

79KB
MD5

57709a81a4bc61e4e3cf110eb52dcda0
SHA1

31664f36aa622f0afd04abf6777db0034f942fec
SHA256

3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3
SHA512

c43a39bf961a925ba69d7147e75e4d1a158df0492ce552cbacdf8e6458f60b88a181637319a1953e841b79295c7a3a744cba92f39fd476111f464b807808262a
SSDEEP

1536:a7ZyqaFAlsr1++PJHJXFAIuZAIuYSbGJLV:enaym3AIuZAIuS

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5033) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/672-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx
behavioral2/memory/672-1786-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunpkcs11.jar.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-pl.xrm-ms.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\cryptix.md.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f2\FA000000002.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXT.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\REFEDIT.DLL.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\public_suffix.md.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul.xrm-ms.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.Primitives.dll.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ppd.xrm-ms.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationTypes.resources.dll.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClient.resources.dll.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\colorimaging.md.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-ppd.xrm-ms.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.dll.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-phn.xrm-ms.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ppd.xrm-ms.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteFilter.dll.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.deps.json.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\ktab.exe.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryDashboard.xltx.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.dll.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Integral.thmx.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ChakraCore.Debugger.dll.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Specialized.dll.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.Extensions.dll.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.resources.dll.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\lcms.dll.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerView.PowerView.x-none.msi.16.x-none.xml.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-oob.xrm-ms.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Dynamic.Runtime.dll.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationProvider.dll.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\colorimaging.md.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_CN.properties.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ul-oob.xrm-ms.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-oob.xrm-ms.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsFormsIntegration.resources.dll.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ul-oob.xrm-ms.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-pl.xrm-ms.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jsse.jar.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\README.html.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ppd.xrm-ms.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-pl.xrm-ms.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql2000.xsl.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp	3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3437d8caa02f0a7a8315e583706dc50e2860e85d0a8bf5da52cf4fe8f1ef65f3_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:672

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
80KB

MD5
1c9a47b7feff90d62f13ed0a2fa5c8ec

SHA1
414a8bab814983ab55c950e0793cd7b2f9b0f2d5

SHA256
8c45802e3b6c48b32c20d68bd2af14d8d6d2417e048cb6428cceed13a3cafd85

SHA512
e756a0b798c0f7d314f87eecb98639a8856fe165a9fcbef0aafa817e883827380eb0fc0b88a68a16a4d1fb246c343003dca6bd9f4e6c5a962a67c33ab3ab4b15

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
178KB

MD5
29476bbe4fbac56aad4802060b91a0ad

SHA1
092e4c3553407429cc24fb877b208b1c0d399d64

SHA256
efbc45d77c4b5d69ae24fb5fe7acbe33e7bee1ae3c815599ff69d21d18e79431

SHA512
b349a05fb9a1d30bd89139fb1da50570358e88f3a6a9213f310c6daa12340d088b830603426b77ba2ae188dbe74e0c4b6c94bc441e9fe3ed74350bc910345ff4

Download Submit
memory/672-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/672-1786-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download