c2057f2b7572393607de40beb4596e6288ed602ce5db9dc260178f291ea3ea57

General

Target

0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
Size

59KB
MD5

0e624c0f7be4c9882871986836da4e20
SHA1

1a6bbb95d5b8b697db570ae29294562fae7f3c3b
SHA256

c2057f2b7572393607de40beb4596e6288ed602ce5db9dc260178f291ea3ea57
SHA512

2cdf6514a60a236a0b3f78d5f6e9435b8be3487698041ee7674571b6bbf208f4d2becdeb3c03d00d8b9d9305de38e89d3fd7346ff8ef083492cd9216f9c79bcf
SSDEEP

768:67Blpf/FAK65euBT37CPKK0SjHm0CAbLg++PJHJzIWD+dVdCYgck5sIZFmvjxHvD:67Zf/FAxTWY1++PJHJXA/OsIZ0v9Hv9V

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4828) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2456-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx
behavioral2/memory/2456-1786-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.FileVersionInfo.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationTypes.resources.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ppd.xrm-ms.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tracing.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\j2pcsc.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL110.XML.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\optimization_guide_internal.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ul-oob.xrm-ms.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-phn.xrm-ms.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationClient.resources.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Xaml.resources.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationCore.resources.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\kn.pak.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\tools.jar.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ul-phn.xrm-ms.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\j2gss.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\w2k_lsa_auth.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-pl.xrm-ms.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul.xrm-ms.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellLayoutModel.bin.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsFormsIntegration.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.resources.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ppd.xrm-ms.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebProxy.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\thaidict.md.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ul-oob.xrm-ms.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\jni.h.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Office 2007 - 2010.xml.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.PPT.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART7.BDR.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationCore.resources.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-oob.xrm-ms.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.UnmanagedMemoryStream.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsBase.resources.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2String.XSL.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Mail.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ms.pak.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXT.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\vcruntime140_1.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPP.HTM.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-phn.xrm-ms.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-oob.xrm-ms.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationCore.resources.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\CHICAGO.XSL.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsFormsIntegration.resources.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\lcms.dll.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0e624c0f7be4c9882871986836da4e20_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp
Filesize
60KB

MD5
919c512616f7362798e1df3d44fc7479

SHA1
9edec1b6761969c250095973c893af98a4217ab9

SHA256
92c99687122124038c76ce6432ea23c4c2c27e5c268522f95ed7b6b5ea22fd65

SHA512
a7fe6e79273f7b03cea3cc89809237575b8f48d255a9a160c2b95c7cb941956a150d3acdc5a5329d105c90ffe4a5712b8d5217f6794dadc71a649e8beb941df6

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
159KB

MD5
4cb7da6a89c9c56e30fa41d7c5cd2037

SHA1
7eb9a3c28d5ddbbbaad8c0a75d0dfea8ddfebbc5

SHA256
630b20f71c152d94e6cb2b6b5ea8aad6a5da3a7e9adfa32a808d83c2dd9c9f9a

SHA512
81a44fd214c28191db93cf3133127bf41921b1e4c3403bf37bf12c9bd8fc63b9ea5d57e953854494f13ea7ed4f89ee96ca5391c2d905b25822f49f2e956e68df

Download Submit
memory/2456-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2456-1786-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing