82b40788af745ddf5da5a423cd00ea603ea558a49f1f66b460cf18681fd99664

General

Target

3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
Size

55KB
MD5

3bd22087a4795cdf0ea1fe669cba14f0
SHA1

202dfd22d8f581d071f5505ee3c3ba060f64927c
SHA256

82b40788af745ddf5da5a423cd00ea603ea558a49f1f66b460cf18681fd99664
SHA512

4a58048f6a508238d6259e732eda1817e6e6f852160e413f2fff03b27f886fa71382f2cdae96c9385dbaf5440e258f8ca6dfcf9f29922333ef710b0e398847aa
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFFP:CTWn1++PJHJXA/OsIZfzc3/Q8yiL

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5230) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4596-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx
behavioral2/memory/4596-1154-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationUI.resources.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxml2.md.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.reportviewer.common.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Parallel.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Input.Manipulations.resources.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\release.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ul-oob.xrm-ms.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemDrawing.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libffi.md.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ul-oob.xrm-ms.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.Primitives.resources.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\sdxs.xml.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Writer.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\gu.pak.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-180.png.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_200_percent.pak.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange.xml.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ppd.xrm-ms.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-80.png.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Registry.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationUI.resources.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.Edm.NetFX35.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\TimelessResume.dotx.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\vcruntime140_cor3.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul.xrm-ms.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ppd.xrm-ms.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-pl.xrm-ms.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ppd.xrm-ms.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLEX.DAT.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-80.png.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnWD.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-phn.xrm-ms.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Consolas-Verdana.xml.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ul-oob.xrm-ms.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryNewsletter.dotx.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ro\msipc.dll.mui.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ul-oob.xrm-ms.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linessimple.dotx.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-processthreads-l1-1-1.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\libGLESv2.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul-oob.xrm-ms.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONENGINE.DLL.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsBase.resources.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationProvider.resources.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-phn.xrm-ms.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\libpng.md.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL106.XML.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\Training.potx.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp
Filesize
56KB

MD5
5cb6fa69389f23bb61fb4fe395f0464a

SHA1
e26c61ddac5205bce7c677674ef5b244052b4a86

SHA256
cc09eaba5904797e40d90c7d609ec3299b601c742e4641945ef1226014184e9e

SHA512
8e7cd4dd7b1563d72e1018c60f662d9adc6e08164cd1331a72222c61d09f11ac6d124a5cf99c505eec40950066dbc66b7b04d60a417ccea2e0b551ab4d8c95f6

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
154KB

MD5
9beaa3a9d2a3592314f8f0a973e207fd

SHA1
f38fc5e5b59c5a6496222d9926c9a8609c6dba3d

SHA256
430e3fdf904879f29e2d98428f99d32028f40f39cab7a64ad9e3b52b3ca60588

SHA512
f7a3e7b60789a7629860bc404da6dce9b4dc6859a0e38c5fc1ccc7684e2425e9ee20af3807ca6ff3997bc225c52369746b2f77a014c8768dba8d73fee12e64d5

Download Submit
memory/4596-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4596-1154-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing