18c642a9dbb1fba281588db270803fcefb1aae5ff8145a4d82ece064fef7b1c5

General

Target

7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
Size

105KB
MD5

7e12884be1afc7a0386f7ba92b9d1420
SHA1

86f29d5060da6c153cb4f51999af417ff36cf837
SHA256

18c642a9dbb1fba281588db270803fcefb1aae5ff8145a4d82ece064fef7b1c5
SHA512

81a9f168974425ec47ac2ab126f11c5e91e68ee19e4265c173e511a7796d6c27bf8225bd522236aa11ecc2ea4ff0e2039e3a231ac2c2e0625f402e180882aab3
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hf4:hfAIuZAIuYSMjoqtMHfhf4

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4678) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3872-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx
behavioral2/memory/3872-854-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Primitives.resources.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationProvider.resources.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.deps.json.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Classic.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\msvcp140.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-phn.xrm-ms.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl64.dlla.manifest.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsFormsIntegration.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Grayscale.xml.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ppd.xrm-ms.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSWORD.OLB.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.JavaScript.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ul-oob.xrm-ms.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.DataContractSerialization.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Xaml.resources.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\deployJava1.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Warm.xml.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-oob.xrm-ms.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Modeler.UI.rll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationClientSideProviders.resources.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Controls.Ribbon.resources.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ppd.xrm-ms.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore_amd64_amd64_6.0.2724.6912.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationFramework.resources.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ppd.xrm-ms.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ul-oob.xrm-ms.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt\msipc.dll.mui.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.resources.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ospintl.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKExcel.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\casual.dotx.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\asm.md.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri Light-Constantia.xml.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-pl.xrm-ms.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ul-oob.xrm-ms.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ul-oob.xrm-ms.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.DataAnnotations.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationCore.resources.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jar.exe.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-pl.xrm-ms.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.Lightweight.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.16.xml.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-pl.xrm-ms.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\sqmapi.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\verify.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-oob.xrm-ms.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Dataflow.dll.tmp	7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7e12884be1afc7a0386f7ba92b9d1420_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp
Filesize
105KB

MD5
c6f5ee645cfb099dfcc155e4b6f48bcb

SHA1
365c742b54f5e81665a12511dbed721c94ffeec4

SHA256
945d9dbc21e2674e5b867e97f916afe5d40c137af1f3b76f1602fb36f203d4d5

SHA512
efc581452617acc551adf6102e0d1fd8fe80a777df7384c749f93ad9b1ea579e41db0996494b02ea57e6ec0a5feb580cae974ed677742403893ab69863a706fe

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
204KB

MD5
39a5bf4e47d037918ceaa6f2154c0a63

SHA1
be1f5cf7926d410a2c65c7c659729becb91c6542

SHA256
08c38e2f1c66bdcf2df112273cd6d7d72252bc465f1c54cc27de39b0483933e1

SHA512
9996ddbb905991901004d058165d4531a4fea0f13bc22fb3464a0b4c35dc6de68e4427aa411d2693d625d482613e5919d511fc7cd1e8c1d2a9a6acc7275e81ea

Download Submit
memory/3872-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3872-854-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing