c1ea548c44a92cc49cf7d0d6ab62a0f496c82c3542591ec5f3e472dca08c4554

General

Target

436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
Size

130KB
MD5

436807c9b4503952705eb3ac70a54d30
SHA1

beda439ef4da2c2afb38ba954122b5a5e599ca93
SHA256

c1ea548c44a92cc49cf7d0d6ab62a0f496c82c3542591ec5f3e472dca08c4554
SHA512

5712c6b4f43e471eefedcb81952b2f08818f270c8dadb1f22191ef1fb6ced797d856c1c75e27e33c7c3d579606c35595bcc9c62cb05fede59493c9e09210ca37
SSDEEP

1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCz:+nymCAIuZAIuYSMjoqtMHfhfy

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3441) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2888-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2888-638-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro_5.5.0.165303.jar.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\vlc.mo.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_av1_plugin.dll.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_ja.jar.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\ja-JP\Chess.exe.mui.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.ja_5.5.0.165303.jar.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Goose_Bay.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+8.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\ReachFramework.resources.dll.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscene_plugin.dll.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240389.profile.gz.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerEvaluators.exsd.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_ja_4.4.0.v20140623020002.jar.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libscte27_plugin.dll.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_chromecast_plugin.dll.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.core_5.5.0.165303.jar.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.RSA.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multitabs.xml.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtwolame_plugin.dll.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_ja.jar.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\vlc.mo.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-api.xml.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxwebkit.dll.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_zh_4.4.0.v20140623020002.jar.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6CDT.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_ja.jar.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Winnipeg.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe.sig.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-1.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jakarta.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\README.txt.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_ja.jar.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Buenos_Aires.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.dll.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IO.Log.Resources.dll.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_ja_4.4.0.v20140623020002.jar.tmp	436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\436807c9b4503952705eb3ac70a54d30_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
130KB

MD5
2700add4e74d532c13ce91c3f66642ae

SHA1
47dbb462a5af6414c862914195b8f314782fbd6b

SHA256
cb329628a245562e45a0c0cf7a4f3bb725bcf29b3d29bcdbfced58c29513f69b

SHA512
708a0968d24c0b947d8aa3254227ff60f3989c324ec918b7a6f1798950ec71dd1bcf1c284452b6b53d9bf42cbb6fc9aa3b6534fe0e04faa6dbfad863cd1e8688

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
139KB

MD5
a56a1eb834145e22e5f86caa166b1c6b

SHA1
1a16cc2be76c5273368f18ea3291211f0b7198c0

SHA256
18fc32ac9195a8c4dfbfa510f6cf26228f2f8f4f50393bcd5e545f1f8220e7ef

SHA512
bb9a30ca486746fd5b0fbd9f2941a5458c6c343a42710c560f640dc0ca450d390bdfb2edd28c58048931a9d1636ddb7208763f8bede17c5e41f69fdb7f5c6622

Download Submit
memory/2888-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2888-638-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing