b81f3377b6a139ac064f7316451545d08ad580f3bf812ce7b0f83263b10e372b

General

Target

ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
Size

62KB
MD5

ac9bf9f0018ec833aaae8269bcf33a10
SHA1

382c07667371bc27791793ecbe208c0f59a9c29a
SHA256

b81f3377b6a139ac064f7316451545d08ad580f3bf812ce7b0f83263b10e372b
SHA512

0018cc8c584110a76cec2ec3e4a28eec375e54b43b0c046927c8fdc1a705ab99cd5cb9661830ab36f93a1a3771ce399f04235efeb6c982b266133a861a7f92c5
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q83:+nyiQSog

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5040) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3828-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx
behavioral2/memory/3828-1862-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jre-1.8\bin\jsoundds.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationTypes.resources.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ppd.xrm-ms.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.Interop.Excel.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pl.pak.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\nashorn.jar.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-pl.xrm-ms.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL106.XML.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationFramework.resources.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ul-oob.xrm-ms.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-pl.xrm-ms.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ppd.xrm-ms.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-xstate-l2-1-0.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\nl\msipc.dll.mui.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Xaml.resources.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationTypes.resources.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.DataSetExtensions.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationCore.resources.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\trusted.libraries.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange Red.xml.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ul-phn.xrm-ms.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-phn.xrm-ms.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-140.png.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Xaml.resources.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-pl.xrm-ms.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Input.Manipulations.resources.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013bw.dotx.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-180.png.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\HintBarEllipses.16.White.png.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\catalog.json.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ppd.xrm-ms.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PowerPointCombinedFloatieModel.bin.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Royale.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Primitives.resources.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-pl.xrm-ms.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\Built-In Building Blocks.dotx.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN114.XML.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Extensions.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\ReachFramework.resources.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\ktab.exe.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerView.PowerView.x-none.msi.16.x-none.xml.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-pl.xrm-ms.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\LyncBasic_Eula.txt.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp
Filesize
62KB

MD5
27de77e44751d939199aa9d9f015a63a

SHA1
987a7b76b263a62af8a673e5900e7236bd7ff425

SHA256
96986e7337e70cdc346b4752d1b46aacb90d4417ff01be7c48d96d198a8814c3

SHA512
8134c480db13ba73d1309949f81b745312c6a865626e6505ba20626d2fb0b8aaaf60bdeb6be35372bdfcf98561458be0743fe7c6c8af171f600a0fb4e914bf82

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
161KB

MD5
fbad470c7e5338f74bfecd1b2cc535ad

SHA1
2999ffe0a8df98678f93d7c8ee19ec509f96bf66

SHA256
832d37ef6b59b195dcaee33e6fb95fc43d4c58de66ba18211033df39c9de688a

SHA512
376aa7db7382dbe19a3dcf27c8fd9f2ac61739aee3c6c3d1e0d87c5090b54c83a09f52e8c18787f0be0072698b721b71772d9ef5c891e2f47c5b68777756dd0d

Download Submit
memory/3828-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3828-1862-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing