bdda81b2285cb3e85118104c8a552a1ee06b19637a216a6ce486c3e39ffa8798

General

Target

4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
Size

111KB
MD5

4862d74c08656309a16d744fce4a9320
SHA1

e76d648909aa3ebf33194caba29e93cb896bc394
SHA256

bdda81b2285cb3e85118104c8a552a1ee06b19637a216a6ce486c3e39ffa8798
SHA512

dd7ec916540450b9023457110d9cad395a968834ae6e32c1ccaa052d232601964b0d9365a228e4890cc1c1aa22d788ae7c758b3a88deac3e6a834b80456160b9
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfS/n:hfAIuZAIuYSMjoqtMHfhfqnn

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3434) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2096-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2096-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javafx.properties.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_ja_4.4.0.v20140623020002.jar.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Management.Instrumentation.Resources.dll.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_gloss-wave_35_f6a828_500x100.png.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\librotate_plugin.dll.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.services_1.2.1.v20140808-1251.jar.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\vlc.mo.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\vimeo.luac.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ChkrRes.dll.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\OpenExpand.TTS.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_chromecast_plugin.dll.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_ja.jar.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\es-ES\PurblePlace.exe.mui.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\en-US\jnwdui.dll.mui.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\deployJava1.dll.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia_Banderas.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Rangoon.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di.extensions_0.12.0.v20140417-2033.jar.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kiev.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.DataSetExtensions.Resources.dll.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d11\libdirect3d11_filters_plugin.dll.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9YDT.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\kinit.exe.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\amd64\jvm.cfg.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_ja.jar.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_ja.jar.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.tmp	4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4862d74c08656309a16d744fce4a9320_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
111KB

MD5
0fe34ba85c8c1ceca0189dad04d16900

SHA1
8e7d899dcd4aa0e10334ee07728f25e4a05da2b4

SHA256
ac7bc2539f7fa490da2ad4226d9fc461aacc48db12d571a732a0a2524b6ab8e7

SHA512
57f0c62a0480594c7de11204c1505fab111ece498c937da3dd6dc91b2d501616d55fcc269a8a48ef22b3281ff52e9aacc0775c6960117333ecac8bc6bbc66034

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
120KB

MD5
78bf8d950f584f25b35970bfd3221aa3

SHA1
54199194ebe02c535700c4e86b285a6a10963282

SHA256
0d51db0fe93cdb99135de9459fa57f833e290ce25ba38116b3ef444ff3ad1ff4

SHA512
da371f697b245c7d8c3d32fa3325b9e22577ac4a4036d6557790a4f21cb694fd7da379f6e14be5c4146fa5c00f9ba75ea77da7a9beb056c8cbe7d61294a04e9b

Download Submit
memory/2096-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2096-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing