860a3d54723eac558d921e0aad5a9688558242a1b97beece0e2194b3cbf64d30

General

Target

b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
Size

66KB
MD5

b1431d4bedf6b167770c3deb4118b780
SHA1

249ca3658bfd5b15d298a7716dbcffbeee5e0dfd
SHA256

860a3d54723eac558d921e0aad5a9688558242a1b97beece0e2194b3cbf64d30
SHA512

7b3e2aa9b2fd69486a0cf76ff2127e0fccf641532e3f7b7d99298384ada7385d0e611f85bf5861fdf5d27dcb573e8095225c92b4cfd1bd5470c02ccac4900c75
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8B8/8Z:+nyiQSoFkZ

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5036) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3704-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\eventlog_provider.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\InstallerMainShell.tlb.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SEQCHK10.DLL.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClientSideProviders.resources.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsFormsIntegration.resources.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationProvider.resources.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ul-oob.xrm-ms.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.Diagnostics.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\it.pak.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ConsumerSub_Bypass30-ppd.xrm-ms.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ppd.xrm-ms.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PPINTL.DLL.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-phn.xrm-ms.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ppd.xrm-ms.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\npjp2.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ul-oob.xrm-ms.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ppd.xrm-ms.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-localization-l1-2-0.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.dcfmui.msi.16.en-us.xml.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\dcpr.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-180.png.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-100.png.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Brotli.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.TypeExtensions.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\dtplugin\deployJava1.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesstylish.dotx.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN065.XML.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\DirectWriteForwarder.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsFormsIntegration.resources.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-oob.xrm-ms.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.Query.NetFX35.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\es-ES\ieinstal.exe.mui.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansDemiBold.ttf.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClientSideProviders.resources.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.DirectoryServices.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-pl.xrm-ms.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL106.XML.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-pl.xrm-ms.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-phn.xrm-ms.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_K_COL.HXK.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mip.exe.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationProvider.resources.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-oob.xrm-ms.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationUI.resources.dll.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\it-IT\ieinstal.exe.mui.tmp	b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b1431d4bedf6b167770c3deb4118b780_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp
Filesize
66KB

MD5
5bab4e2736f29284eb922571481ca175

SHA1
cc1a4467ada1716b6fa3028c971a1145267240b5

SHA256
e05ce018489b60cab328589dae808c8aa5706a9735fac69c805f20887ad68934

SHA512
82bda69dc3194707dd717321483997b81c41fd638ce903ee1705ef064d6e29b37024b64ca951fd32deab728807fe51af555955b3a12505d915857ed7f531b9e4

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
165KB

MD5
918d85d7cab4ceab7276373cd0682651

SHA1
819dba061f26494b80b01d0cff2fcac398c4ae6e

SHA256
285cac0b1e06d41d02edebadd13cfae36f9db81ed7163185fe09932563c1769a

SHA512
7146067965f708835b3073d7d13fb91fdbfbdfaeeb707c95da4e37494040372dfafe8a510a4a2755e99b47f8c71480178e7e28d3b35b006fcf6b46bb12044145

Download Submit
memory/3704-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing