690dd1670205a304e60454a6ec32a8b4464bf0d744fc25748aa5edb9a852af70

General

Target

7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
Size

70KB
MD5

7d5491fb99bacb3919ac7a9a5d441650
SHA1

3e57ad210fd34317c71ff81f00d616dc964d7508
SHA256

690dd1670205a304e60454a6ec32a8b4464bf0d744fc25748aa5edb9a852af70
SHA512

fe5ec5933c3e0ebb72df5a47fba8dfe2f02cd960fcd501a3051fb6002540e85ffb86c8c64fed85471d0e33fe23ac7e7eb708200d2bee1e3519ae2f2a91cd4998
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q878:+nyiQSoa8

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (716) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2988-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2988-68-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\splash.gif.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson_Creek.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\ConfirmComplete.M2TS.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\pdm.dll.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Costa_Rica.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\F12Tools.dll.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belem.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Jamaica.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7d5491fb99bacb3919ac7a9a5d441650_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
70KB

MD5
22a66f263348896b1a729783b4866924

SHA1
aa80b1953cca90ad12484f86eb36e5e2100bbad2

SHA256
6dca3ac7b47c091c9b4ffd6f185c5dbf1382b9a38ba010ed2ecddea47b9194ff

SHA512
6e963728f62d97dceb9f22d4381bfee254a0cd511df7d128175b9ac4ea2d646941be2724a9d6477def78f69b972c183a6f91e02192bccf8a4fce89411c5036db

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
79KB

MD5
6c72b07f8da9445de30be04fe68aea3c

SHA1
3e59de1d97d145c40e94328b1e3c2749a195283c

SHA256
85d8b82ab5f2b11a74b37bf9dc9a5b0a6bed9ec3f930bea7c669895c72b4566c

SHA512
e82d2e5d6c0511ceff038204f5546e2c0d83f3e28334113c77fdd82302377bf257ca3fea9aca2a6db4d0f845ec2bf8cb83bbc715df76436395ff2d44e443abe1

Download Submit
memory/2988-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2988-68-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing