c6054d70cf1f65f5d7a5ff3d6caa0d868053f567c73a8611be088986b6ae6d6a

General

Target

602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
Size

123KB
MD5

602d5013188855fcd0ecf48ad593ac10
SHA1

1bdc4be7a99bfc83ff1076c06079724ccd537c2e
SHA256

c6054d70cf1f65f5d7a5ff3d6caa0d868053f567c73a8611be088986b6ae6d6a
SHA512

2576e3fa95b1c9f789971d4417a7fddf1c078d7566f0b9789def0eeab73443a948970c5817a763dacb06aa648ac83d2d491275ff521cefa6af863d3ade3d3509
SSDEEP

1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSC+:+nymCAIuZAIuYSMjoqtMHfhfb

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4865) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4964-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx
behavioral2/memory/4964-1784-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Internet Explorer\fr-FR\ieinstal.exe.mui.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ppd.xrm-ms.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ppd.xrm-ms.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Registry.dll.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationProvider.resources.dll.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.proofing.msi.16.en-us.xml.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\mashupcompression.dll.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Dataflow.dll.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-pl.xrm-ms.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-pl.xrm-ms.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.dll.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\verify.dll.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\glib-lite.dll.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-pl.xrm-ms.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Packaging.dll.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationClient.resources.dll.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Calendars.dll.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Extensions.dll.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordbi.dll.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Design.resources.dll.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Handles.dll.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogo.png.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngom.md.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesstylish.dotx.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.Extensions.dll.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Quic.dll.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-80.png.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ppd.xrm-ms.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-phn.xrm-ms.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-phn.xrm-ms.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f3\FA000000003.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-180.png.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-manifest.ini.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClientSideProviders.resources.dll.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.16.xml.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul.xrm-ms.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ppd.xrm-ms.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack2019_eula.txt.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\vi\msipc.dll.mui.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Intrinsics.dll.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\FOLDER.ICO.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\GRAY.pf.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\management.properties.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Accessibility.dll.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ppd.xrm-ms.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerView.PowerView.x-none.msi.16.x-none.xml.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ul-oob.xrm-ms.tmp	602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\602d5013188855fcd0ecf48ad593ac10_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
123KB

MD5
e272432aca56c8b8f9cfa45fc4c2d4ff

SHA1
ff3af23297b86f7de2716800fc25258da57435dd

SHA256
5a1c81241208737ec9c2a6e72327804d181f0eb76058f5f72b94ec427bae37b5

SHA512
8bcc9d5c5adb3cf63f7e8ab175dcc04d479b4288cc415d59901527cf0989f1dac357b916356bf631524bcfe6dc9650e87a990eff6643637986642c2c87173c91

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
222KB

MD5
9648e0727c54de7ebd978a92c20364c3

SHA1
de68f6d6b6626da3719f7543cd0e4ed08244e669

SHA256
721f451512346ffc25f32745253b750d6abde0b48417d6028f57f8634061fca4

SHA512
0d08f7d2af3875a2fc685143516bad13b1de35c35772f42c693e57c26cd49e0f682a593182cf86ad34119ddb7f266df0f5fee010326717a55f607e9533bbdfc7

Download Submit
memory/4964-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4964-1784-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing