49bd0c406726526c6e068f7b2ca20617c3e9acc280660671f4b093bf615777e1

General

Target

529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
Size

128KB
MD5

529c162c8be8d29a918083924db8e0d0
SHA1

726d9eed1882299825e8477685ecf23897ae3b5a
SHA256

49bd0c406726526c6e068f7b2ca20617c3e9acc280660671f4b093bf615777e1
SHA512

9cd2740bf95102b026b06b105009104b9eb17da00860da2b101cac36d3896adc1e2716e55b94835d865e95c1ed0282081cf64ba1b3f4334427c7204321dfd0d3
SSDEEP

1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCm:+nymCAIuZAIuYSMjoqtMHfhfL

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4819) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1176-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx
behavioral2/memory/1176-1746-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-pl.xrm-ms.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesstylish.dotx.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-180.png.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorlib.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Expressions.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationTypes.resources.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-pl.xrm-ms.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_school.png.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsFormsIntegration.resources.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Controls.Ribbon.resources.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXml.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\psfont.properties.ja.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-oob.xrm-ms.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\3082\MSO.ACL.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\vcruntime140_cor3.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.deps.json.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.es-es.xml.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ppd.xrm-ms.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.PPT.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Registry.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationClientSideProviders.resources.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaTypewriterRegular.ttf.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\InstallerMainShell.tlb.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationUI.resources.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogoCanary.png.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.VisualElementsManifest.xml.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationTypes.resources.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.Design.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QRYINT32.DLL.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Json.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ppd.xrm-ms.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-pl.xrm-ms.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\BIBFORM.XML.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.XLA.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome.exe.sig.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-phn.xrm-ms.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationFramework.resources.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsBase.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\vcruntime140_1.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansRegular.ttf.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ppd.xrm-ms.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp
Filesize
129KB

MD5
0072f3bf66ba7c42b429e8b054b3156f

SHA1
92a8fd157718d04a70f781dfa4f9472aec15c3da

SHA256
bfd1da1ecd09bfb050fe1fbdbd8dee45f33b1105ba73a71e427abd687506d7ea

SHA512
e94787e4dd4caab03913950dacf2815c156c61b9c75a6160444919cd004a23e897eed457b74e239bdf8bf95588348a27cf156d054634d43f521a3ecf7eda78ad

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
227KB

MD5
5a20d9899976e6375471caadcbb8cb60

SHA1
9630e6ab263b5efacca332b32be9ecdc01970700

SHA256
8f8c7146d09f027ae651cf31f188ecd853225bd3a88b87aca88afe6d6aa92770

SHA512
779269d8b2681bc4402c663555b3605a45c4e9996572105ade6647381a8b4d0f4515645421baa740485d29ac98783deaa1173d0a9b842745cb6ddfb366d16a44

Download Submit
memory/1176-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1176-1746-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing