8e5d5877d745743390e29d2f7059a021be00e66a08e540db4006c1465d9d4a63

General

Target

396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
Size

72KB
MD5

396d3509ede3a9070a0a2a8928f29230
SHA1

3b668ce88c0962d779bed6b344202a6cc7203c00
SHA256

8e5d5877d745743390e29d2f7059a021be00e66a08e540db4006c1465d9d4a63
SHA512

9dbc551461617193d41052ef91e2e1bad195e4e81aaadceb1736d4614d2082e1b6ca124691fb37d8cf49016e1bb386c8da7dc5872b039bb55f762b8b0e3511bf
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8xJJMJJ5Jb1JbO:+nyiQSo0

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5100) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4932-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx
behavioral2/memory/4932-1858-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ul-phn.xrm-ms.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.DispatchProxy.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_sw.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\joni.md.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-oob.xrm-ms.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\lt\msipc.dll.mui.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL108.XML.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\kn.pak.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\jawt_md.h.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\psfontj2d.properties.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-phn.xrm-ms.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.WindowsDesktop.App.deps.json.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\dtplugin\deployJava1.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.Diagnostics.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONMAIN.DLL.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-100.png.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-interlocked-l1-1-0.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.wordmui.msi.16.en-us.xml.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-oob.xrm-ms.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-pl.xrm-ms.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-phn.xrm-ms.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Loader.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Primitives.resources.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-pl.xrm-ms.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul.xrm-ms.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\catalog.json.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClientSideProviders.resources.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jjs.exe.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_sv.properties.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\cursors.properties.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.X509Certificates.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.Design.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\npdeployJava1.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-oob.xrm-ms.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\AUTHOR.XSL.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Violet.xml.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-ul-oob.xrm-ms.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\VOLTAGE.WAV.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\salesforce.ini.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Printing.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.resources.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.resources.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.resources.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ul-oob.xrm-ms.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-pl.xrm-ms.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFPROXY.DLL.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7EN.DLL.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
72KB

MD5
c53a2e47e1cec5ba9fa2debe19115cac

SHA1
1733cdbdec83adc0add9c232d469f203b9681636

SHA256
4ac4ad654979cea95e9eceabb571782bf28458112c398aeda515253ee96209f3

SHA512
8959ded905245a28006117f0a5204bb77f9437cc0006d5f84f68ec77d6fd5bc41f08045bfef8f3f71a6a96a94f717b7cc418d3d9a308053966594098e6c44b2b

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
171KB

MD5
375dc11618c242db83e502f5638796ea

SHA1
452f66426fd1722a8710268f030900f25c8044d1

SHA256
e4fd78173f95b452898e9bc0ca0bba4865464933a10f3abe2ce1dc0ad192363b

SHA512
4f08ebc6890dab1fbce5779a94e0704b976ff04a980117b682ca9be8a7297deafd05715c743344617725de0b653f2190f8ad7d4e2793e4888bbfa1a5bc4d2b2b

Download Submit
memory/4932-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4932-1858-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing