d9ce548ccee86f992574905fcb869b10ab853f3fb1e4e0ce24b71d0f65193339

General

Target

959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
Size

137KB
MD5

959668a67fdd854b56b7386facc28090
SHA1

02c969c64e9e20711bb00b53a34995f5fa7c4524
SHA256

d9ce548ccee86f992574905fcb869b10ab853f3fb1e4e0ce24b71d0f65193339
SHA512

25838caaa0466346084094402858be59ae69da31ff9aad5c036f01cacd158e8b53c4e3a28664675dd774b472a8fddb4ea8ede138685cb158fc419bb0251072e5
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8yi61:fnyiQSo/

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (516) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1556-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/1556-64-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.cpl.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\LICENSE.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\pdm.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1556

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
138KB

MD5
8f9eaf5c221e2207aa96b56c382a7a33

SHA1
688eecb10e62a71626af734fd9bea4cd3ba27b17

SHA256
ab072ac00a8b04186ca11f5323691b8b1349a468855af5d9d2712b0f5fbe6d3a

SHA512
f824527c9748e849a4fc97791b9203a1b0b4d2cf6ec87af693d1ab84a09d0520ca519db48fb6e69ddfb590d2c84d3fd116c7ea69ce18f02db136a53a33a29316

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
146KB

MD5
05aa0064d401682226203afd3a6df0fb

SHA1
85354a63b074ee615504abe539b735f22203fb92

SHA256
eecbe59290e07cfab9442933b788a705612c16fc9802db2b95bdd98ce3df356c

SHA512
539803fa0bf220040db505b6c4a8e3fab530daff135b1939a4f29e9c7bee43a3e3f68cef2ae0983a7179cd9d1365d2425e3ebb9aef2e2db7af5937e51290c021

Download Submit
memory/1556-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1556-64-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing