6dd873bfdb7fddf65c921c31693986d4695912cbd41a23f71524c5ef8163daee

General

Target

76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
Size

101KB
MD5

76e271a5ca9bd21cda6e8618da203fd0
SHA1

01d7408c4a8db125a7e1fea84814e60d4a0d93f4
SHA256

6dd873bfdb7fddf65c921c31693986d4695912cbd41a23f71524c5ef8163daee
SHA512

2325a5f34eb28ff11da6b7411911cdba341d3917bae66a4f281e899a40c05ebe3b0aabebbdc20825d9bda4b8a5b3315b514efb8f78b4921a3f9cc97167a1626c
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfo:hfAIuZAIuYSMjoqtMHfhfo

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4910) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2300-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx
behavioral2/memory/2300-1078-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Json.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsFormsIntegration.resources.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fr.pak.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfr.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ul-oob.xrm-ms.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\cacerts.pem.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Primitives.resources.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-oob.xrm-ms.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ppd.xrm-ms.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-ms.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-pl.xrm-ms.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Primitives.resources.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationTypes.resources.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_common.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ppd.xrm-ms.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\et\msipc.dll.mui.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.ResourceManager.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Uri.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-pl.xrm-ms.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-80.png.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Primitives.resources.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.Win32.SystemEvents.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Presentation.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\javafx-src.zip.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfr\profile.jfc.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfxswt.jar.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excel-udf-host.win32.bundle.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\CopyRestart.bat.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.Editors.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ml.pak.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsBase.resources.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\sRGB.pf.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\glass.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Office 2007 - 2010.xml.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MYSL.ICO.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.Brotli.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationTypes.resources.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ul-phn.xrm-ms.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Configuration.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ReachFramework.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-pl.xrm-ms.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-oob.xrm-ms.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-80.png.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tools.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsFormsIntegration.resources.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.MDXQueryGenerator.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000C.DLL.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-convert-l1-1-0.dll.tmp	76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\76e271a5ca9bd21cda6e8618da203fd0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp
Filesize
102KB

MD5
7ea39d952191d1fd463cf804816d878d

SHA1
bf0c03b6d270260a9b07422a6c0f639ade6d0d65

SHA256
44ed9b062cb2ee9231dca9512e8121809526841e175529e2f1d218a5c0e93fe1

SHA512
c07224230387ef7fece6a6a9c314929d7a0f203b587207054bbec1e919a9be7c57086909639ccaa29a5a5fc976d13ceeff3e0a5bd7b249aaa682f2bbc000fcfe

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
200KB

MD5
f2c8292020c12bd8c6a425c5389d8ec5

SHA1
eea3b1b5c702d6427f1e21f8365316a884696a5e

SHA256
b38a314d14f1eac746c662c63a7411745f7a3bdbd50ee0eba0ef46184e3c7bfc

SHA512
53814724363918eda206adf92e98235fc650c1404001a37040a19991d068c7031410faf2857df302c4a3c55f20e433527065b1052a7e258258f950f14273eaa8

Download Submit
memory/2300-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2300-1078-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing