5dad34a041fb17011769e11eab75c8b4fe9076a549b236b475120a17b6cf6c1e

General

Target

53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
Size

102KB
MD5

53876c85686d678c543f77920d39e5d0
SHA1

047f44963ca9d65baff0d93b01cc5def3b77d5a2
SHA256

5dad34a041fb17011769e11eab75c8b4fe9076a549b236b475120a17b6cf6c1e
SHA512

9ebe68a293c3489aca2ca0aff97e372dc288c0676bb3bee6c724b4c49575dd89d222140977c84d80d389a2c2c74345f8554c5e65c8bf43131db690c441b455fd
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfG:hfAIuZAIuYSMjoqtMHfhfG

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3505) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2828-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2828-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\weather.css.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\perf_nt.dll.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montevideo.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jp2ssv.dll.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\it-IT\jnwdui.dll.mui.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\drag.png.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\JavaAccessBridge-64.dll.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.ServiceModel.Resources.dll.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Windows.Presentation.resources.dll.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPDMC.exe.mui.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.SF.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluHandle.png.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guyana.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\librss_plugin.dll.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\gadget.xml.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-crescent_partly-cloudy.png.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\favicon.ico.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libsubsdelay_plugin.dll.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-core-kit.xml_hidden.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_ja_4.4.0.v20140623020002.jar.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_ja_4.4.0.v20140623020002.jar.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\ReachFramework.resources.dll.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\calendar.html.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\css\cpu.css.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\3.png.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\RSSFeeds.css.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Eucla.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-coredump.jar.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationFramework.resources.dll.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Taipei.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_hov.png.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\meta-index.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\slideShow.css.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-spi-quicksearch.xml.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\settings.html.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\gadget.xml.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPMediaSharing.dll.mui.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\trusted.libraries.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Cape_Verde.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsFormsIntegration.resources.dll.tmp	53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\53876c85686d678c543f77920d39e5d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2828

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp
Filesize
102KB

MD5
20650aeac0fad4b98caaf08fab81f44e

SHA1
9caf4b23a497319f2ce9526f35a0952941891297

SHA256
137c878fc98e980c94f197a971fa9c5ee0a69efbfd58bc54d49dfb58c6f430e2

SHA512
003f1da31c52b8eed0f2acdb480713f0847cadbd2354c69108afa924227e771305cd37ccd675428b57dac497652af64b8d085ebd353786d43714bc6c2ae52c32

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
111KB

MD5
27a4bd7fefdaf84aa3d7907bf8e6a374

SHA1
d6be174b3cb9ff9c24831a568eae0fd6c0da0609

SHA256
c6ac1adb1336ca013bbababd1eaf5ed5e04ac9332fa57246a870c78f5eae3df8

SHA512
8be678bac3d1168f05bbd6e996a9ee827a8747cac45bf60f3b637df0afb726515e5e74c3aa3b38e4402339406cb2a517de5e600a9090846cc67e34e3cb2356b0

Download Submit
memory/2828-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2828-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing