78e2b9d6cb2d87305409bacaf361df6d25108331d8e75a952cd9c3eca67a4768

General

Target

3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
Size

53KB
MD5

3a7908a27f70ac1d6a3503a024d648e0
SHA1

f633df7a4729a3871f94c0b52b4c6254346e981a
SHA256

78e2b9d6cb2d87305409bacaf361df6d25108331d8e75a952cd9c3eca67a4768
SHA512

d8ac942b7d954cfad260eb024a3508cbc6e84b3862169d9cd6cd66ef396c981a0052371737db0f695d60081e8ccc7ac1a77b2ef87da83732f0e066f8644deebd
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8yiuaa1aaZ:KQSo1aa1aaZ

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5210) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1628-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx
behavioral2/memory/1628-1154-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-process-l1-1-0.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NameResolution.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationCore.resources.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationCore.resources.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\jvm.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\public_suffix_list.dat.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-phn.xrm-ms.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Classic.dotx.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\OFFICE.DLL.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-80.png.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSF.DLL.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationTypes.resources.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-ul-oob.xrm-ms.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-140.png.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.proofing.msi.16.en-us.xml.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Grace-ppd.xrm-ms.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER32.DLL.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\host\fxr\8.0.2\hostfxr.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_HK.properties.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-pl.xrm-ms.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Parallel.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\release.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet II.xml.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OMML2MML.XSL.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.CSharp.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Mail.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN027.XML.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\MySharePoints.ico.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-pl.xrm-ms.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Serialization.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.PerformanceCounter.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsBase.resources.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Grace-ppd.xrm-ms.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewCommentRTL.White.png.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsBase.resources.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ppd.xrm-ms.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\concrt140.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-140.png.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NetworkInformation.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsFormsIntegration.resources.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\mr.pak.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-phn.xrm-ms.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-oob.xrm-ms.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationCore.resources.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ul-oob.xrm-ms.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-synch-l1-2-0.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BSSYM7.TTF.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
54KB

MD5
e58352b5e61498a5d4845958c15943e4

SHA1
d00cc42d3db8838c17dec2100b65434ca1060a4e

SHA256
6089391ebdeb06c76ab37721fd0e9c69b0fabe2af790cc375a20241ad6e97a92

SHA512
687cb03385c499e93ead101720724bb0ef8c99ef33196ea0e89de02ae7142cf6f1765743a0c13ad922caefe53ffc7f7dfc45b0c116439527bd1ed67b39ee6773

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
152KB

MD5
02cea2e9fee1d8bc7c6b604d55f86dec

SHA1
65a6035900bbf0f8a7ee370f6bcc27e4580c6d40

SHA256
a056a6b96f224da91c7ee1af17397b785862541a557d4b9c6a4238aa5d37b09d

SHA512
d729903ad4d58e18a0e19698dd8badf1df5e89aa749c355755dd09db594995f931bcf89dce58a4973eb81cff2f9894af811be29479fc250605ad7ff34a97fb6e

Download Submit
memory/1628-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1628-1154-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing