860a3d54723eac558d921e0aad5a9688558242a1b97beece0e2194b3cbf64d30

General

Target

b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
Size

66KB
MD5

b1431d4bedf6b167770c3deb4118b780
SHA1

249ca3658bfd5b15d298a7716dbcffbeee5e0dfd
SHA256

860a3d54723eac558d921e0aad5a9688558242a1b97beece0e2194b3cbf64d30
SHA512

7b3e2aa9b2fd69486a0cf76ff2127e0fccf641532e3f7b7d99298384ada7385d0e611f85bf5861fdf5d27dcb573e8095225c92b4cfd1bd5470c02ccac4900c75
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8B8/8Z:+nyiQSoFkZ

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (935) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/3024-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/3024-68-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tbilisi.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr.jar.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-2.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.jar.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\soniccolorconverter.ax.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Brunei.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-4.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Madrid.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3024

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
66KB

MD5
71858066575543416819e89c82c3db04

SHA1
e96b4c4212c0726e2e6184ba1003c0cf8ff87fda

SHA256
e8d2ab4124936d3f22253c38e39413f120d3b1f1b35de8ca3ea09cb8dfa16075

SHA512
180580ac4ae2981d8fe36120911945599ec5575f362e0a21ed0c222289738412593ebb1bd7097f82cd693184d25e189793d95afac55b812551f7ba0089ffcb54

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
75KB

MD5
572dc24f678de010d3cfe241e1d0e083

SHA1
a20e208323d66638c81b721df261e59f697c4bae

SHA256
73f0417e72b990f55d9baef6c977eaddc1d843f924fabd01f27e720548a5975a

SHA512
e15860b1c26f07b6f79b6a37caf2532e457d7fbad12d9893ed82670cce2014dcb19f43252430b1c3c6872370c14897c6b280d47a26a73e66d4ccbf1858df3ad6

Download Submit
memory/3024-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3024-68-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing