99f4364e5e7cebb86c61bba9f6d3e5900dafd61c3b251674806eeafab0ee534e

General

Target

545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
Size

109KB
MD5

545c2118f8c3dd1080c026a9a7f919b0
SHA1

e0f4b4aa988be131db9b32aa036204d11b269381
SHA256

99f4364e5e7cebb86c61bba9f6d3e5900dafd61c3b251674806eeafab0ee534e
SHA512

453a1eb19a4ef7b862ea5df65ddd30114aa8247a138c8a07bc05ffab93d9e7ee19a1d258afa511f164ea798b2655239e1501d6521aa2871884cdc09cd9de400c
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfS/w:hfAIuZAIuYSMjoqtMHfhfqnw

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3440) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2392-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2392-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libvod_rtsp_plugin.dll.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\de-DE\TableTextService.dll.mui.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\README.TXT.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.analysis_3.5.0.v20120725-1805.jar.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\css\settings.css.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\settings.css.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxwebkit.dll.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Istanbul.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\fr-FR\NBMapTIP.dll.mui.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_hover.png.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\WET.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Design.Resources.dll.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\vlc.mo.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\es-ES\SpiderSolitaire.exe.mui.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_livehttp_plugin.dll.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\blank.jtp.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\RSSFeeds.html.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_zh_4.4.0.v20140623020002.jar.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_ja.jar.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Resources.dll.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\ja-JP\PurblePlace.exe.mui.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.ServiceModel.Resources.dll.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_zh_CN.jar.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\JdbcOdbc.dll.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jfr.dll.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-windows.xml.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rio_Branco.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\02_frenchtv.luac.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPSideShowGadget.exe.mui.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.ja_5.5.0.165303.jar.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring.xml.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\javaws.jar.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextService.dll.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\es-ES\ImagingDevices.exe.mui.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\vocaroo.luac.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\545c2118f8c3dd1080c026a9a7f919b0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

Filesize
109KB

MD5
f8b562a8d97d9190121a4e3d90e8385b

SHA1
431579432239eae0aa944119f54f1dd219fc2887

SHA256
89150bacc005acedcfdc8cc54fe8014a71cb53ca34e46382de8b5577e62b2f56

SHA512
ad2737c7cbbc8648404e5db156d571f1e9db3b749c21fc88db9fa1b7233da955b36c0d6e9b2dafa05b493acd420956a2cd4437660ca8e91f61f8c6f5104c6a01

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
118KB

MD5
c1feaea5d63554957ca99d984de9e3d3

SHA1
a9353e811f7fccae6288a4d5f3eb08784e299c2c

SHA256
33d0694bdd156dce184d91cccdd6cf4c153a767592132ce3bb3e01d54f43a55b

SHA512
44a0bf0e10f762ac996d18f83029d625214bcbfbc8ba99c3862701a04892e6bc83e29de106aab33be930ab43e68a38cca5635cc054aacba21a3f48231c1c0058

Download Submit
memory/2392-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2392-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing