d9ce548ccee86f992574905fcb869b10ab853f3fb1e4e0ce24b71d0f65193339

General

Target

959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
Size

137KB
MD5

959668a67fdd854b56b7386facc28090
SHA1

02c969c64e9e20711bb00b53a34995f5fa7c4524
SHA256

d9ce548ccee86f992574905fcb869b10ab853f3fb1e4e0ce24b71d0f65193339
SHA512

25838caaa0466346084094402858be59ae69da31ff9aad5c036f01cacd158e8b53c4e3a28664675dd774b472a8fddb4ea8ede138685cb158fc419bb0251072e5
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8yi61:fnyiQSo/

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (1788) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1752-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Quic.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.XDocument.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsBase.resources.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-fibers-l1-1-0.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Specialized.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.DispatchProxy.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsBase.resources.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationTypes.resources.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceModel.Web.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationUI.resources.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.OpenSsl.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Security.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsFormsIntegration.resources.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Formats.Tar.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.IsolatedStorage.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsBase.resources.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsBase.resources.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsBase.resources.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Tracing.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClient.resources.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-heap-l1-1-0.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Mail.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Primitives.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.ResourceManager.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Numerics.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Numerics.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebProxy.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Extensions.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-locale-l1-1-0.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.FileSystem.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.ServicePoint.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Handles.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Input.Manipulations.resources.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TabTip.exe.mui.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\wpfgfx_cor3.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Design.resources.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.Annotations.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Overlapped.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\959668a67fdd854b56b7386facc28090_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp
Filesize
138KB

MD5
1de723ccc01b0412301c8951b6a1e4c0

SHA1
9e0fed0b6e9f2afa0821254053b34e5d86c1d3d9

SHA256
047e0eb645a1d053c0e88f89bde947e42cb58bbf55d334a3f8f9d57885ef99cc

SHA512
84713057b94c476b14c0ae4435bb2db0d5e435154e7beddb2de6ca719c5955e4815bdcb6a187370e8b04a98b1b6d4ae980d6cdfb2787cb40d969e926eea2b728

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
236KB

MD5
b153d86b57c876844dcfefe56bb21156

SHA1
d2a253cf3f767bbe097385d111c89f548848d0d2

SHA256
66267840a503b7c5189b29980e1d1d6a59bd2c16b9a84f3d574f717516268534

SHA512
9788dc759a053ae4f17dd9e74753c8b1c105d32d646a506bdeb04b8ac3af2097fa0c40b21f6a730392e677c28ea7071274566e7584e81002817fae4c9d998b0c

Download Submit
memory/1752-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing