406a67e41ce10d2f4517b70fb36ac18ac81c6c953cda72b5abfa818a867507cd

General

Target

37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
Size

107KB
MD5

37cd87ef6a81d4c8ab31875da0f97370
SHA1

2d4591893fb67f19086ae23490f5d9526ce2d815
SHA256

406a67e41ce10d2f4517b70fb36ac18ac81c6c953cda72b5abfa818a867507cd
SHA512

d7ea3a301fa3ba93316b6480a921ac3527f068ed5e5cdb5f9ded6c4fe5c5143733a613b9b89d34a390b60b8023f00de46d017106c520233cb253b51396559453
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hff+K:hfAIuZAIuYSMjoqtMHfhffPnJ9

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (518) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2200-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2200-26-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\37cd87ef6a81d4c8ab31875da0f97370_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2200

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
107KB

MD5
bfe16a258cb42d15e63a5002afda5493

SHA1
dff0fac9487078575e35e9d0c162afefa1663346

SHA256
799644c82f1f5c14a81c74262cc63458dab2d14d26d766a8e9a7306489957e5b

SHA512
5ff09144bec00001ba5ccbe08ddef37cebedba3d502d79595cacc93006d6464f3a7b5a7968918c7fbc0f67d360d72cc0e711fbe1b75f71e92d8534aa755e0c49

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
116KB

MD5
98b681e7c9cee334c8e545d772a701a6

SHA1
ab49a8d10897109ee6e95b316a9453998784f325

SHA256
e95e0dd32ca3f32ddd40d77c0dc72e8840d64799f4763e6cf2cffc44e6289006

SHA512
d2e279334bf5fd1158e9f20539e7b995c4f2e9f1ea44ca1c64e2151b806f38675bd1252ea77b252b237167f09e93de7059ce54b0a1418fc53bc7bac2f7b82aa2

Download Submit
memory/2200-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2200-26-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing