d938a57e1b6ed7db312eb24f7ecb8539657f37bcbe7093ab4a4fb71d41d7473c

General

Target

6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
Size

63KB
MD5

6322952364426b74ca1c9a8adae177b0
SHA1

f74e67d9c29ba9328a920775347dbf0c6b8e3593
SHA256

d938a57e1b6ed7db312eb24f7ecb8539657f37bcbe7093ab4a4fb71d41d7473c
SHA512

729d50ef72ecb2654ede8c5bc19ef82a247b4237d47df5c8d14da78de9fbe449d861022feb397b187b5d46d2af462eead18e4c2e66eef6cdc2a2be612a3657fe
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q1pkP:+nyiQSo1e

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (1024) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2612-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2612-72-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Menominee.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Enderbury.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_ButtonGraphic.png.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\InstallMeasure.sys.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsTap.dll.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+2.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\ConfirmComplete.M2TS.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6322952364426b74ca1c9a8adae177b0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2612

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
63KB

MD5
2c0a54506f5c08836f1a1709a40c5a22

SHA1
56bd48c2289b175af2610fa340415c7446c19e84

SHA256
3fb71e61032468300ba9e0c75c3287a7d9b0ff6050cf4cf8ed3a421b209fc79f

SHA512
d234c82e15b7ae74a760f80f9f7a7932e9651b5c3de6ee5fbf653ac8c43b9c36fbc9837004212af413021e94c31d3172849dc5ab61f7e23d43e94dfec49629a2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
72KB

MD5
50e3808278c9191477bebbb1ae84d2dc

SHA1
4d0c25bc33abad6693146646103885d6088ef351

SHA256
1a16bd5bc249d6ef6947604f807cd368b0c3390d725e7362014cb5b2dc9c51b2

SHA512
554a232a3932c0f67644d767c30303eecc2d980ae83f70e44645122a2de9a78e5c650395bb6f550f44ca782fa091a2459084481c85a0ae8597c48d20399b1980

Download Submit
memory/2612-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2612-72-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing