8476319f1e89b8634f23c733b5b5bb8bba214d612bead968b2df1c1a0bb4fcea

General

Target

74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
Size

69KB
MD5

74a64d65f10fd00079ad69b6b5199bd0
SHA1

04ba01dce43561985f147c5dd182275abfaace7a
SHA256

8476319f1e89b8634f23c733b5b5bb8bba214d612bead968b2df1c1a0bb4fcea
SHA512

cbfe5fa67e6c394b68cede0820aeeb550b78a3967682365db8a96141072e7cb2c01595c1211cd68f3a27535434292b3bd5b55c5906c1db14cf19caa835baff94
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsV:+nyiQSohsUsV

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (2090) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2460-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx
behavioral2/memory/2460-1070-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemData.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ko.pak.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\jni_md.h.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Specialized.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsBase.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Memory.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\ReachFramework.resources.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClient.resources.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationFramework.resources.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\hostpolicy.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ta.pak.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationTypes.resources.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationFramework.resources.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\WindowsBase.resources.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationNative_cor3.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encodings.Web.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Primitives.resources.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\WindowsFormsIntegration.resources.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Threading.AccessControl.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.resources.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JavaAccessBridge-64.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Windows.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.Extensions.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationProvider.resources.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationClientSideProviders.resources.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-1-0.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\id.pak.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Xaml.resources.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationCore.resources.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Xaml.resources.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Cng.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationCore.resources.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Accessibility.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\hr.pak.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\LICENSE.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\FindCopy.xml.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\de.pak.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.resources.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Extensions.dll.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome.dll.sig.tmp	74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\74a64d65f10fd00079ad69b6b5199bd0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp
Filesize
69KB

MD5
cab4f07d661f1ec6e7ea748a7061e63a

SHA1
2d6461b77ad25b4548a907f7175c5e4c5c240eb9

SHA256
47f00b598df6272eed3bdafdd22fae3ab918ce67a3633c743378e4e9c2de67c3

SHA512
5487a9c81383fe656152a18e8b94368c99acfdba708934c5f561a27b3da6e6b3a26255e3bd6c85c7a96942b34c6ef5b26a30ffd76cccdc483d8807d9a5079cd7

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
168KB

MD5
ccdcb25c1b83fc055e3242b6a986e56d

SHA1
208b8419e24ce44653cf828469257968acd926f1

SHA256
b6288b0cd277d028fd000dda8cd09299993e4f69dc0bbbd9bd35e196909cfab0

SHA512
09fb70244f82684b15e4bff358094c39fbb43c3991992c797c3e6cb230645fabd424cbf0fa93473f074b00b6a9c1486e7a781285d954f71f5eb07156f32202c0

Download Submit
memory/2460-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2460-1070-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing