53c864b18c6356bfe686b33f1a246670c229e222cb52e8ab0adef2df3047114a

General

Target

0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
Size

106KB
MD5

0688130e6e945006f2472fd31a8bbdd0
SHA1

7129c18c26cb82044925acd1715f38ca5460052c
SHA256

53c864b18c6356bfe686b33f1a246670c229e222cb52e8ab0adef2df3047114a
SHA512

1277a63009437553eff46191db849ef5c2f5065ee540ff5469aa90cc3a59a6aa13fd57e88eff744ab7b71e3b81ae38a77334a545309f4c2f77bb9ce146a5351b
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hff+I:hfAIuZAIuYSMjoqtMHfhffPh

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3449) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2364-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2364-78-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\ReachFramework.resources.dll.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-nodes.xml.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins_1.1.200.v20131119-0908.jar.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtimecode_plugin.dll.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\it-IT\MpAsDesc.dll.mui.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\en-US\NBMapTIP.dll.mui.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Merida.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_hover.png.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Minsk.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\clock.js.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Pangnirtung.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\MST.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\skins\skin.dtd.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jsound.dll.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\index.gif.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_block_plugin.dll.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Campo_Grande.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.png.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\js\calendar.js.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_ja_4.4.0.v20140623020002.jar.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.common_5.5.0.165303.jar.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer.png.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\js\picturePuzzle.js.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\t2k.dll.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.ServiceModel.Resources.dll.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_http_plugin.dll.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\fr-FR\PDIALOG.exe.mui.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Journal.exe.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_docked.png.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\settings.js.tmp	0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0688130e6e945006f2472fd31a8bbdd0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
107KB

MD5
147c20cefd47d53196f62db676e2ca72

SHA1
fb28aa60fbc25caf942ce14a0ae93bc33c8645dc

SHA256
47442941c543834ad037feb51745ec8afb7d15d26c6fc29c0e6ee6dce74ce338

SHA512
b8a84083e2d1501cf7d98dd268de99dc42f568d8beef8bb2a8f1bd9676ae4507397bb1137bf52351d542ea02421628bc88178ab7a0c5fe6a744093bceb67086e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
116KB

MD5
7a768568bad0c13a298505d57df2694f

SHA1
6e1fc683083b52c66fdd6c6112c8ff11f3cb8d09

SHA256
e30c0c72ec57a5c485e34d347f7d0891b5f7d1ddc135d934f650988a65bd7269

SHA512
d672d1bda1dd8a66dc02ce411ae4a6198569429b174fface44ba87d8d200d6a656e180423f73b481e70cb477cc7b8de4c75412d9516d14ed22f7fc848377f0f0

Download Submit
memory/2364-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2364-78-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing