0d915dddbbecb3362fadf9a3834011096294767752021a13b0d145a8b3da5294

General

Target

13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
Size

64KB
MD5

13fcf923e536aa8367288a21507710f0
SHA1

47d2f886769cea08a4d5cdc7dbbfac94254f9b5f
SHA256

0d915dddbbecb3362fadf9a3834011096294767752021a13b0d145a8b3da5294
SHA512

af6e27bcd86813f43d935527b259d0e2a52cc6189b82faf687d5ae19a7500858bd360bffd415f03cf4694d43e36ff1a05b9690bd44e311a17eb5376ee5bdc3ed
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8c9H:+nyiQSoB

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (926) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2888-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2888-68-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Stanley.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Samarkand.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-4.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Macau.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Bissau.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\Timeline_is.dll.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\sonicsptransform.ax.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CET.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\DirectDB.dll.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\COPYRIGHT.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp	13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\13fcf923e536aa8367288a21507710f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2888

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
64KB

MD5
109010cc392e9906acf18661dd4f4279

SHA1
76d055218ac1fb822cd32e8736e9efe6f3e442f0

SHA256
264049dbb880f02b87929dc06e7fc5057a406e9c13e3500e26b0b166a3a6453d

SHA512
5b8060a0254bc1c53c20c1ac4c6401acd265531d77f2322450f95bff54e011c53b727184bfda965697459030aaea1b6a2a0d5d5f7548d25d841477eef3c516fc

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
73KB

MD5
6cf0dd6603ea6b7f529eb7821d08e2cd

SHA1
0f92db648e0d3e8c2ee6baa18a90c824230f05ed

SHA256
a9859b69a4d7a090cb4e9c345ec57f7915fe922443236b6e33b443b856a22456

SHA512
0c8c09d54b2e5990cb7506303c0799da1f3bd54029469ba45633d2e60f273573e5ecc2a1b5fee287fb3cdc0242c8a5ba72769ed4154fdfa33096267c3be2d6ab

Download Submit
memory/2888-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2888-68-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing