23b6b02888e21c328eb443450d2d960524117c90c7d664f4e101c43dd554ea54

General

Target

1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
Size

202KB
MD5

1b66f1dd9729ade1d4a1277356553310
SHA1

0b6607b7161e09635d9d010f93dd875ab9b7ebd2
SHA256

23b6b02888e21c328eb443450d2d960524117c90c7d664f4e101c43dd554ea54
SHA512

66f0d4d732e31e9429f36a41f3e2dec89dfbf42242528970acefc3dc1348fdc8e8cbb2e65b3fb5b29178f8bd076aab8cc603cdf1dac9319eaabe5fc9f824fbc8
SSDEEP

3072:enaym3AIuZAIuYSMjoqtMHfhfJ6W2QZwKS7y:wHm3AIuZAIuDMVtM/L2ZKS7y

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4637) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2944-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx
behavioral2/memory/2944-1578-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClientSideProviders.resources.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationUI.resources.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-phn.xrm-ms.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Spatial.NetFX35.V7.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKExcel.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-100.png.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XDocument.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClient.resources.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7.wmv.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ppd.xrm-ms.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieTextModel.bin.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ppd.xrm-ms.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140_1.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_sv.properties.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-utility-l1-1-0.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Handles.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationFramework.resources.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXT.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Handles.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Primitives.resources.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\wsdetect.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-phn.xrm-ms.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ppd.xrm-ms.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationProvider.resources.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-pl.xrm-ms.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationUI.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ScriptDom.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\fi\msipc.dll.mui.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoetwres.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationCore.resources.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\vi.pak.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Xaml.resources.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Input.Manipulations.resources.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\npt.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsBase.resources.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Primitives.resources.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Xaml.resources.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ppd.xrm-ms.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013bw.dotx.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Xml.Linq.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationProvider.resources.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Xaml.resources.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-pl.xrm-ms.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.dll.tmp	1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1b66f1dd9729ade1d4a1277356553310_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

Filesize
203KB

MD5
ae0bce1dd278d1eae2829eb53b90de72

SHA1
16c6eb72956e2dbf571172e90270f585b4d25770

SHA256
c41fa0ec7190707ef36a9756c806ad113fd5ead956a9b7107ab5a319d34e976d

SHA512
8494ba78ea4312cd05a6bed2eb66258520f05d385b026db252d6f00f939df87b64738c11d21cb520b287434225221e0a9daf8677418fee3fbe8f9ee55641cfd6

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
301KB

MD5
b9a3a02edd582785a2c073d9dd46647d

SHA1
e1e2c129108ecbce91a304d649de7ccdc2b79941

SHA256
2942ec3283aa6009595c2f9635a1f10de2b582238699f5140a94f4ace8ec983f

SHA512
adcd85d31a1a6bad2c35f783f9b93fe90d0b55d3e0017a53b6fca80ab18ef535779ff6026e5684af7a391b882eae13230f5d70862285bba67919a1553e63758f

Download Submit
memory/2944-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2944-1578-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing