fdf72e24d60bfafd2de1f0094974e5c01553f7dd2935004238b3ca838204c9b5

General

Target

cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
Size

40KB
MD5

cf516a2111452f1c74bed188b3ea1400
SHA1

1ba8ed072a32520960af81976917a04e1c67c7ba
SHA256

fdf72e24d60bfafd2de1f0094974e5c01553f7dd2935004238b3ca838204c9b5
SHA512

75f877e10ff853aac4ace33ba18cadbd66d87aa1d203b739d2715120c45a9bb51ee970aa9187bceb21e64cf554e5a56ae7993034a4a79348a98b52dd2d047468
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFH:CTWn1++PJHJXA/OsIZfzc3/Q8H

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5203) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4336-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx
behavioral2/memory/4336-1226-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\asm.md.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jli.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-phn.xrm-ms.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-pl.xrm-ms.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ppd.xrm-ms.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-80.png.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSREC.EXE.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationClient.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.Forms.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Primitives.resources.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.CodeDom.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\directshow.md.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-pl.xrm-ms.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationTypes.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Xaml.resources.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ppd.xrm-ms.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-pl.xrm-ms.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipRes.dll.mui.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.ILGeneration.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Serialization.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-phn.xrm-ms.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ppd.xrm-ms.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Permissions.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Brotli.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\DirectWriteForwarder.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationUI.resources.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationCore.resources.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ppd.xrm-ms.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-ul-oob.xrm-ms.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-timezone-l1-1-0.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClientSideProviders.resources.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.resources.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\DirectWriteForwarder.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\attach.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\shaded.dotx.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS0009.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Queryable.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Extensions.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.MemoryMappedFiles.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-oob.xrm-ms.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fontmanager.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GR8GALRY.GRA.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-80.png.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationCore.resources.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationProvider.resources.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationCore.resources.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ppd.xrm-ms.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-pl.xrm-ms.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\3082\MSO.ACL.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Design.resources.dll.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\javaws.exe.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp	cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\cf516a2111452f1c74bed188b3ea1400_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp
Filesize
41KB

MD5
c2d89128290fd47e710206290f535456

SHA1
40d6c2f0db9de700688d2e37ea71e98da9f49c9c

SHA256
691c761897742e6d829765b1ce3befb8cd6490129a10eb32f5ceeb393e0b344b

SHA512
3aa2fad61a675c3f71617271d350630cac5c18cbbf24ab9d0e2ac4c6264e5ee15db0087bbfe6160813a1e550afe03b22f63e25279bc42335db57360adb708d39

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
139KB

MD5
d89aebcf796ce3a233dfe0b0b7b9e6f3

SHA1
e7a2d2bcbd04b514951f3912480161c6fb643018

SHA256
a7f97f0c72f5a1416137fa76b2faf40693bc8e498bdf15d6e391ab3050c266bc

SHA512
dd591c54ff32b4fb00e2124ac1d62a81da5187096e3614d7d68451a815c34cd4e887235ed093a7a1562db6e70c9f701fdc7a6113ae1d0ba858294421cdec2381

Download Submit
memory/4336-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4336-1226-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing