40420ee419c251c03090fcf46c36ea712a6a62fdd978c406bb14a05fd47d22b7

General

Target

6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
Size

103KB
MD5

6ee8ccf365a4ef8fd29889f2fe1d5950
SHA1

081e6a075f5980c2da1e607c65dbacb9c44b42bc
SHA256

40420ee419c251c03090fcf46c36ea712a6a62fdd978c406bb14a05fd47d22b7
SHA512

7e4a2b378ae52ac75d3d4a7ba3cc573df4c0fdd5bd6aa50a0d9bfba19b0d88ab7334c0cadd6fb3152e651a38ab5669bd5a8901a966b8d9eaa5087a46c3586019
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfOA2:hfAIuZAIuYSMjoqtMHfhfOAkfAkN

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4842) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2172-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx
behavioral2/memory/2172-928-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.resources.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationUI.resources.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\icu_web.md.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash.gif.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-synch-l1-2-0.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Xaml.resources.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 8.0.2 (x64).swidtag.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-oob.xrm-ms.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l1-2-0.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr3jp.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Queryable.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\ReachFramework.resources.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-pl.xrm-ms.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentlogon.xml.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.Common.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Input.Manipulations.resources.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClient.resources.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\glib-lite.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightRegular.ttf.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-pl.xrm-ms.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Channels.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet II.xml.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBCTRAC.DLL.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Configuration.SString.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-140.png.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-oob.xrm-ms.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLMACRO.CHM.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\id\msipc.dll.mui.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.JavaScript.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN054.XML.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11wrapper.md.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Primitives.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TraceSource.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ul-oob.xrm-ms.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-phn.xrm-ms.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ppd.xrm-ms.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-oob.xrm-ms.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Interop.MSDASC.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteFilter.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.excelmui.msi.16.en-us.xml.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-oob.xrm-ms.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\COIN.WAV.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Formats.Asn1.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

Filesize
104KB

MD5
301591ebe0ae75073a0412b9a07d581d

SHA1
366cbeefc0b2207a33d748e24b1b24a8efaf765d

SHA256
d262c0c1e24cb9a7da6eda8374799e64289648dc53c58305827cc03d6c9fb201

SHA512
d144ebe19117eabde89aaa411c866f2b34fb9fbbfe7f4bfe1c21f846dbb43d73f6e111c9351e0236f7fb1cb0ed5dcb77d3679f322068324e1004afa11c2b6bc1

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
202KB

MD5
626cb969b7607236584caf0cd3c8e4f2

SHA1
ceb11ed51649ef34928e914a2db226b0aaed51a6

SHA256
1998bcdfd56432e4efa9e0894c8354149fc4b339f32fadb18fda9b5aaae05e19

SHA512
f49f2ff47f51c01b3054f08a459522d9878d30c9aa8593ff25358477d8d35ec4bc54ae56eec660cdafbf2cc10cb94917f7f02a403b8158eef9b706fdacc19583

Download Submit
memory/2172-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2172-928-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing