49bd0c406726526c6e068f7b2ca20617c3e9acc280660671f4b093bf615777e1

General

Target

529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
Size

128KB
MD5

529c162c8be8d29a918083924db8e0d0
SHA1

726d9eed1882299825e8477685ecf23897ae3b5a
SHA256

49bd0c406726526c6e068f7b2ca20617c3e9acc280660671f4b093bf615777e1
SHA512

9cd2740bf95102b026b06b105009104b9eb17da00860da2b101cac36d3896adc1e2716e55b94835d865e95c1ed0282081cf64ba1b3f4334427c7204321dfd0d3
SSDEEP

1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCm:+nymCAIuZAIuYSMjoqtMHfhfL

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3434) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2868-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2868-532-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libgoom_plugin.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-loaders.xml.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\sa-jdi.jar.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-4.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Funafuti.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\java.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_ja.jar.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\La_Paz.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jconsole.jar.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\ucrtbase.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.png.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.sun.el_2.2.0.v201303151357.jar.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\java.exe.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Management.Instrumentation.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfreeze_plugin.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\t2k.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\dnsns.jar.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jfxrt.jar.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.json.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Windows.Presentation.resources.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tbilisi.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Palau.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_ja.jar.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.tmp	529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\529c162c8be8d29a918083924db8e0d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2868

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp
Filesize
129KB

MD5
e075119a3af8b8011bcffc40ad7916c8

SHA1
0b84c2ae1f6c55c92b07810c79b7ed20a77bec14

SHA256
9a9020245b1bfc4826d15920da635eb1751e2b223a5bff5cf606a9deb8875d8e

SHA512
10274ee9e3eb85f50cf9dfb7e189868ef34f69c53b2cc1bab9a1f9de64bc08df70f4d47beb86ec86492f4f9ac374f94b19bbc4c914e84b450ba4c54a582baba7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
138KB

MD5
0013c40c3ee7d7047737839577d66e4d

SHA1
1832b81121c597c3326806c15f01cb0d966d22c0

SHA256
81c7bfffa25d4671fed16bdfdeb8b42851207315bbf0454d5a0cd0825862d5c4

SHA512
0b9ba32aed9290cd2516f69de46677f63ff230a5cd357c74dbf1c6331c252b70ddb7b740af42ca7a5c892e05e11ab3357813555da5b4421a8e6954e2c950c555

Download Submit
memory/2868-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2868-532-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing