7e775d102a6c5f6f855d67f95d2ac9457dd955cd9d453becef6e5e506fb37a77

General

Target

8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
Size

203KB
MD5

8d32954f507b62d7d399c0fbda73b3c0
SHA1

1b5504b43fae9369b89be3985fdaa7b78df2e50e
SHA256

7e775d102a6c5f6f855d67f95d2ac9457dd955cd9d453becef6e5e506fb37a77
SHA512

4137440dda0fa7148f32bbf6824ddd8dea66e0db8eb946ef4698b518d7dc6737823d35d1e999fc75e721ca62ab3cf75a34ae1163c5a99337a001f0b82f008e91
SSDEEP

3072:enaym3AIuZAIuYSMjoqtMHfhfJ6W2QZwKS79:wHm3AIuZAIuDMVtM/L2ZKS79

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4679) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3044-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx
behavioral2/memory/3044-1636-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.password.template.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ul-oob.xrm-ms.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\Invite or Link.one.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-heap-l1-1-0.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.Primitives.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encodings.Web.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\bci.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\npt.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\GRAY.pf.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-pl.xrm-ms.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Controls.Ribbon.resources.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClient.resources.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fontconfig.bfc.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-localization-l1-2-0.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationCore.resources.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-pl.xrm-ms.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Watcher.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsFormsIntegration.resources.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\eula.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ul-oob.xrm-ms.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul.xrm-ms.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-phn.xrm-ms.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-pl.xrm-ms.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.DataAnnotations.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationTypes.resources.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ppd.xrm-ms.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-pl.xrm-ms.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-phn.xrm-ms.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.deps.json.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.resources.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\lt.pak.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Slice.thmx.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green.xml.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\npt.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-oob.xrm-ms.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-pl.xrm-ms.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.Messages.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationTypes.resources.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationCore.resources.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationFramework.resources.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sv.pak.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f3\FA000000003.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-80.png.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_upe_sdk.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorlib.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.PerformanceCounter.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.ProtectedData.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ro.pak.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Windows.dll.tmp	8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8d32954f507b62d7d399c0fbda73b3c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp
Filesize
203KB

MD5
ec8d8961330b1a2e70a1c0dc01584e0a

SHA1
563f9788c92ef28e8a941e4d93498b0667605966

SHA256
433750c9fe468eadbae486b5e3b42d3b51e1b98295acdd50190672d1373a50d4

SHA512
838774244cc4da0a6d49b6fe991cb52dc2ff8bd2e583087adfe4e943c6fd396e12ac88310d6bd44243e2083501385de123c1d02c8ef56a8e4471200075c95de6

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
302KB

MD5
a2bf3ac2178de0ca01d53a965fd13d66

SHA1
2b0ffc072324bd865403302eb43ef3a28f76ed3a

SHA256
d00ebca570f5001ab7d8c57d6259fec7bbce395eb4052df90aefd1193c29a5aa

SHA512
2f48a507b3d48c8df41eae44a0f11095c6b2a2ab033ef81aed25b86fbc836f72c2c1336a6c37ef12845441767dc7128e8aab9ab7544d5327c10e3671f0f8ade2

Download Submit
memory/3044-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3044-1636-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing