5b5b3fb978809d16969dea2a09186f085405b049792348f5b8af3b3d8cd67330

General

Target

41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
Size

219KB
MD5

41d2c387f470e6406be9bcde57772610
SHA1

a6ba31e69cb629d68ab7dd408dae7b06b6787747
SHA256

5b5b3fb978809d16969dea2a09186f085405b049792348f5b8af3b3d8cd67330
SHA512

8bdba481f05b4b55541f4730b050faf6fb064c780c281e562a15064c987f32337e82f8069782d6b4e8a85ea7fd2f9ca86194c7c3897a211b837fb499310ef6ff
SSDEEP

3072:+nymCAIuZAIuYSMjoqtMHfhf9fAIuZAIuYSMjoqtMHfhf+:JmCAIuZAIuDMVtM/LfAIuZAIuDMVtM/4

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (335) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2304-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2304-64-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\it-IT\WMM2CLIP.dll.mui.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\LICENSE.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\DirectDB.dll.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\41d2c387f470e6406be9bcde57772610_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
219KB

MD5
ad557e3ba680f433501c19db01bc6b96

SHA1
5b34d073bf49143e5b4c6a4dd13bae559d35f371

SHA256
76393119cef94f18873c68221a490811ef03c0a717eac6441e78464bab8b9efd

SHA512
1dde06ca727cf0880321bddf4e43879c5e033a5baec1ec740aa96b0081585ced1401c1aed6d7971253f4deb157476b11c804bc4780ca8e39c48ac6eb682feb70

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
228KB

MD5
62f34a232c90128887ef9a668f8d55f2

SHA1
eca7a10a76ef8e0fffdd7d7725cd4ee6e343589c

SHA256
f92f73d072f987f4f16cfc99e7dcca70c27fa7d63203f032325d8acb077aa670

SHA512
0bb002b35794cdb4c6f09173a31d3b9f775bf00d5c9e045bfe93032f429cacb166a1ef919e890e83bae2edbb4d5b8a02bd408e47bb90c755aaa524bf8b0992a7

Download Submit
memory/2304-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2304-64-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing