329d2b24cdfa8a85bb97b4a3a0fba485fe846fd650da54ee6890d3fcd83bdbc6

General

Target

0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
Size

102KB
MD5

0485bb47947e51d2364ecbd64ca80570
SHA1

74262c3e5154245a5135b1b3e4986669b23558d5
SHA256

329d2b24cdfa8a85bb97b4a3a0fba485fe846fd650da54ee6890d3fcd83bdbc6
SHA512

9a0581c7f3e4f7d0301abc1ab104a82fd7a2600bd11882606f2a66b49a5ec506f347239d83164ca21dc1a7add68ee562b2df05af1074c9b0fe9c05a73aca605b
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfRbh:hfAIuZAIuYSMjoqtMHfhfX

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3436) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/3028-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/3028-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-modules-profiler_visualvm.jar.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\update-settings.ini.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\3.png.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.core_5.5.0.165303.jar.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\NBMapTIP.dll.mui.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\file_obj.gif.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Honolulu.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.zh_CN_5.5.0.165303.jar.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Macau.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Stanley.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg_sml.png.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libimem_plugin.dll.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPSideShowGadget.exe.mui.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.properties.src.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.SF.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_ja_4.4.0.v20140623020002.jar.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.ja_5.5.0.165303.jar.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent_localized.ini.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\weather.js.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.WorkflowServices.dll.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libntservice_plugin.dll.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Resources.dll.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\gadget.xml.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\en-US\Chess.exe.mui.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\SpiderSolitaire.exe.mui.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\mlib_image.dll.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Luxembourg.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\PhotoBase.dll.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\vlc.mo.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl.png.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\timeZones.js.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.properties.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hebron.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libftp_plugin.dll.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\librv32_plugin.dll.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.tmp	0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0485bb47947e51d2364ecbd64ca80570_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3028

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp
Filesize
103KB

MD5
2bd6010f2b3a820f9f9692f44fbd5e62

SHA1
9c508791b90f58a3285579673d50fc563740f5d1

SHA256
a46e17be6d5df603d2454bf6c88bf0283fff0b01fb2495396c2952c4ac26a673

SHA512
93c44176b7b09edd4bb733c83cb03822d88e9c9e676dfabd33f804683acc19df11985e78fb9889035420a202ded833d9ed3a5d2ed50f4211d52e8c11efdcd29f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
111KB

MD5
4ebbe9a94158df1d9a5e3dd99ab3eec1

SHA1
2e6e4557cd466acff623d46fc43a4fc1e6091606

SHA256
908439b84092a56dcdca865705acc697471320fd1b30993f117b5b6ca346f0f5

SHA512
1cb6530d322d6fc9c26639256be987af73f04ecddcf7c7f29895e41ad20f9361ff35a309a9a723a5e310fc42dd24763e84b894b38f3bf2519e6c2351ebbaac38

Download Submit
memory/3028-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3028-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing