5303392831813debcfa3316caf0506efa90d6b4eed98b5b412ae2bb0de5fec70

General

Target

4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
Size

73KB
MD5

4e31383fda1d331c4457b76475b376f0
SHA1

30183d8d7bf91f39dc12f5695038ea2134d0215a
SHA256

5303392831813debcfa3316caf0506efa90d6b4eed98b5b412ae2bb0de5fec70
SHA512

8a5744c5355fddcb1636b29c7896d183ac7dff2281d428773b17cff1423d61c35f4d38fc4b2550c211b9958faca672f7531bf4e2b7d8096dcc7ae4baf029d98e
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsDzVe/0AP:+nyiQSohsUsa

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5020) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3260-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx
behavioral2/memory/3260-1804-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Primitives.resources.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsFormsIntegration.resources.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-oob.xrm-ms.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-100.png.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.js.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Security.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\meta-index.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunjce_provider.jar.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Banded Edge.eftx.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ppd.xrm-ms.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\libGLESv2.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Input.Manipulations.resources.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-pl.xrm-ms.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelTellMeOnnxModel.bin.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Primitives.resources.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-moreimages.png.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\eula.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClientSideProviders.resources.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-pl.xrm-ms.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-180.png.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NetworkInformation.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-phn.xrm-ms.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\ReachFramework.resources.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemData.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msvcp120.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion Boardroom.thmx.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ul-oob.xrm-ms.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Design.resources.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\index.win32.bundle.map.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\prnms006.inf.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\WindowsBase.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Uri.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.h.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-pl.xrm-ms.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+NewSQLServerConnection.odc.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-80.png.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\D3DCompiler_47_cor3.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Gill Sans MT.xml.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ppd.xrm-ms.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013bw.dotx.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clretwrc.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.AeroLite.dll.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pt-PT.pak.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ppd.xrm-ms.tmp	4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4e31383fda1d331c4457b76475b376f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp
Filesize
73KB

MD5
f26bc50df2e93fc53c3b62d3e4b5bc7a

SHA1
68e11cf861cea429f9585472d3a8fd8b4fe20c24

SHA256
3b9ceaffad5020eb377e772962a48fdb209683efadb0db05566246828d383377

SHA512
7b6a381c0a57529f29fab6b0ee8532173dbc243483d20ce6019fe3ca2683a6acd0ae01f19f381a3bfd1fd36dc0ff0840e96d8ec244af9665b8e57515fdcd357c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
172KB

MD5
20a66e66aebfc803c85b3c21ddb67497

SHA1
9849a33a1792c6773df68cc64dc29425d5e2e70d

SHA256
7d37a24c9c46bcd9bbf991eb769fb13e2fa72aad83a8b606c2f12f72d28379ac

SHA512
e12a15228e30c9b3ec7a084897d9bc7a47c8d45db99cdb85dccf7b67e38f216f03f2d0c207a5c39e9b85311785eef816ee448e44a15b693d445af6c14669b771

Download Submit
memory/3260-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3260-1804-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing