a3b793c90cf909c2788b3d94cc0a50ae045aee05accd89606fc458bce9a08d1f

General

Target

54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
Size

106KB
MD5

54acff87883a6375e4a3963e73caf1c0
SHA1

b6fac38c3edd4961f8e587618fb4afc0ffe602a0
SHA256

a3b793c90cf909c2788b3d94cc0a50ae045aee05accd89606fc458bce9a08d1f
SHA512

165cff2b447b92d6f8c1a41c49a7e3655a5be25917b9aee326c05102a8f7df60dd7c71b7ea3d5fbc11ddc301f6916be9f21728d9cf64cc74ed1457517e99fb71
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hff+q:hfAIuZAIuYSMjoqtMHfhffPD

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (584) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1664-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/1664-26-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\ConvertFromUninstall.mid.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jawt.dll.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\EditOut.mpeg.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_sv.properties.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\iedvtool.dll.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kcms.dll.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\54acff87883a6375e4a3963e73caf1c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1664

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
106KB

MD5
5a12c0978eed197fe75f7906e17c65fe

SHA1
c31251982d56e0c8866b4755f2d1573db5524273

SHA256
dd0d63e7bcd6fba48ee77ffb926cab6730b42cb5a8503135894fa495856e7767

SHA512
151541f2983125ae692a27c54bda1322c1ad11ca523f3fb8b2d7d950099ae0cb4606c271557690fcb589af1a2a5f70b7451a4045d5cc0d22cfaf6e27eb2f26c7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
115KB

MD5
f4cfba1622cb777ccff7d4413f857cef

SHA1
b62c3250b780ccb83b294368013faf8e67fd0370

SHA256
4e47bdea2eb6f77adb8d1142c33850080b313e78d7a4503f0beef2e597e84fcb

SHA512
09b7a24fa514ead807e59246617b76fceba62abe0ad62d6d8d764b0c5f74a2a5b1cdbf362cc5caf1cccb0ea34ddcf5b481a77d69bb645dde23cd4b200c92bf39

Download Submit
memory/1664-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1664-26-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing