0b82a5adc6ab559abce748596e2272870f20ba4b508af89b670c3aec74be0233

General

Target

73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
Size

201KB
MD5

73cbc996bd7fca8498c69f157e688ec0
SHA1

e3294f098a0853a03f550daffc0e0ed672eb9e69
SHA256

0b82a5adc6ab559abce748596e2272870f20ba4b508af89b670c3aec74be0233
SHA512

b1d45a6bae3ddb72971246f50200cdeaa3e5175f7580265e6c87cc1ffb545947ac16c9863d79a7d0c996e00e0c02954b6f6b0a587704071bcb6f64905afbd375
SSDEEP

3072:KQSo1EZGtKgZGtK/PgtU1wAIuZAIuXwFwtdU9N9xaiFk:KQSo1EZGtKgZGtK/CAIuZAIukT2im

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4445) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1956-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx
behavioral2/memory/1956-794-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-pl.xrm-ms.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART8.BDR.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\fontmanager.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\CIEXYZ.pf.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Office 2007 - 2010.xml.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.EventBasedAsync.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\klist.exe.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.ProtectedData.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.Primitives.resources.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-util-l1-1-0.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\wxpr.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\sqmapi.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationFramework.resources.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.FileSystem.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationProvider.resources.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\Welcome.html.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_it.properties.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-phn.xrm-ms.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-pl.xrm-ms.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRLEX.DLL.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.V7.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationProvider.resources.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-memory-l1-1-0.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Timer.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationProvider.resources.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsBase.resources.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\mesa3d.md.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jvm.hprof.txt.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Console.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\STSLIST.CHM.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Metadata.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.AccessControl.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\US_export_policy.jar.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.Client.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-string-l1-1-0.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationUI.resources.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-pl.xrm-ms.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ppd.xrm-ms.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsFormsIntegration.resources.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ppd.xrm-ms.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-ppd.xrm-ms.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Primitives.resources.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\it-IT\ieinstal.exe.mui.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore_amd64_amd64_7.0.1624.6629.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstat.exe.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\java_crw_demo.dll.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ppd.xrm-ms.tmp	73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\73cbc996bd7fca8498c69f157e688ec0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp
Filesize
202KB

MD5
61c36a1c59dcbdae83d1795f45ee0caa

SHA1
fe97fa3ebb33a5c14b4ac21a1ac59ef757a071dc

SHA256
c2784c3d644ecc0336c0d0707b63a475722e85fbfbcb1faf1de7083af291bb31

SHA512
528a3a82b890390cc6c11772ba0f1a7235a74a1b4f64d029ea08003f08a178de9bdb2c72fdfec9acd3ca78ba59045d652f8d22eb741214792e16e837f09bf432

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
300KB

MD5
2f8e1569e5022f4eb5a487b6b47c3ce7

SHA1
f1236a1af3d224aadfb499117d23fbd4064d8ade

SHA256
8af39a63b6be56ea4d1858461364b0a04a9fea62241fcccb04f0ae57f6a828b6

SHA512
8abe273beec2f0f23c6fcb54994aaa55c944fc0114378967a372704227bbe8e3b9e0a199cd6ab2f2671f4dfcb3ed2dbad858a29cf5d3c910f56306e96f177acd

Download Submit
memory/1956-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1956-794-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing