cc54defc823313284908dad1aec788e47af495aa2fc17a0ea8d7b199d7b7aed7

General

Target

01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
Size

2.6MB
MD5

01f6e51fcf7519ab1fdef65c54bc04b0
SHA1

1dd9a6500f909863191b07d59d2f0be5188d4774
SHA256

cc54defc823313284908dad1aec788e47af495aa2fc17a0ea8d7b199d7b7aed7
SHA512

e64a3f96d1cb4a079c9ba77a1f5e31f7e7af8aed982f4bfb2f97815e0423ff6376bad5e67199fedeed86673efb166c10435f8544feef998060f9e96618a5794a
SSDEEP

49152:AhpSlUqOChhzcnxAm2zbkwKfDVlSsq5+7myQI9SSerNBgm:g3CQ3iTKvS1+CRI92h

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (226) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/3004-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/3004-124-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\01f6e51fcf7519ab1fdef65c54bc04b0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3004

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp
Filesize
2.6MB

MD5
eeb991bf4cd885f3ad5d28f0e4094403

SHA1
abffde4102b43659135cdbcd21f94dff7f36e3ed

SHA256
926fabe7f616f887f45a48f9d8ac6a3c30ee7c05b0fc13467c8ac9e880302188

SHA512
02e038e09dea451a58ce2694224190fc72cda4d1d2d63eb10c869f4dce56817431c0efe2bb01e73d5b6b9ba8e5a0616895a6dee76605b3deb32e5d283738460e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
2.6MB

MD5
40f6860f74fca58c3c5c47fa2edcff44

SHA1
7ff615d2b97ad6d7766a0c3d7bcf97526288896a

SHA256
9a490ed522737638662ec1ceea0e44007f647ea20a25f6a2312f595d8f8da63e

SHA512
6332caa6c07927cfdd1853e92e8005eecc1fe3a16c19da474703326757c32ccb29a7e933d14d9c4e44d324d9b93e9607d8faf32e66ba0e4083845440d5e18303

Download Submit
memory/3004-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3004-124-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing