23b6b02888e21c328eb443450d2d960524117c90c7d664f4e101c43dd554ea54

General

Target

1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
Size

202KB
MD5

1b66f1dd9729ade1d4a1277356553310
SHA1

0b6607b7161e09635d9d010f93dd875ab9b7ebd2
SHA256

23b6b02888e21c328eb443450d2d960524117c90c7d664f4e101c43dd554ea54
SHA512

66f0d4d732e31e9429f36a41f3e2dec89dfbf42242528970acefc3dc1348fdc8e8cbb2e65b3fb5b29178f8bd076aab8cc603cdf1dac9319eaabe5fc9f824fbc8
SSDEEP

3072:enaym3AIuZAIuYSMjoqtMHfhfJ6W2QZwKS7y:wHm3AIuZAIuDMVtM/L2ZKS7y

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (429) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2172-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2172-68-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\MSTTSLoc.dll.mui.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\ExportSet.fon.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\pdmproxy100.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2172

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
203KB

MD5
97d2b6d40cf93676a19aa34af17e59ff

SHA1
11fc38eb6a7c2c220a6946288205a47bcef9ea9b

SHA256
6841f2e668ff787daba84f68a9f444c005ffc2e01a6a1a8f540803cd8b501d8f

SHA512
1adc2ab38700ef645ee93583ee1089744b40c96b0969d09bdafe81f257ad52ef36415fbbf180abf8c10bc0fd2a050727cd67484cf8e731950ed5470f30b105f4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
211KB

MD5
11d12982c5107a7892025993bc542e74

SHA1
ea1a70957aed8fdecc7948a86e6b84d14b1b61d0

SHA256
6671a48e6b89c5108920254299172a787fdf235f5263ea30b429ccce1e0f3c24

SHA512
e171945dee3e55b9ea67cba4bb4c2263f74757cdb65052018ba34143c0275f96cf4e5d2dee9c027a86d1ad9404452ee38d3700e5be36847d4b44817a6d99a76a

Download Submit
memory/2172-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2172-68-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing