af6f228e74b7a09c9a6d2cc48e5d0fe69ff1db16154699cc2ee9f74b3be3d974

General

Target

a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
Size

40KB
MD5

a1903136a42bffd55b51d1c260e038c0
SHA1

0548edf16967861e18b454ef9ee547ce4c258e67
SHA256

af6f228e74b7a09c9a6d2cc48e5d0fe69ff1db16154699cc2ee9f74b3be3d974
SHA512

969f825e7c70a76724bcfe2b344067a3ba0f41dd8249bab08eba0965b84af829489b60d46c86c3b2e2a14774551da3141ff213b30cca1f1d2ab8b6ebfd0364df
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAF5:CTWn1++PJHJXA/OsIZfzc3/Q85

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3437) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2444-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2444-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsFormsIntegration.resources.dll.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsdl_image_plugin.dll.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jfr\profile.jfc.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Nauru.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-progress-ui.xml.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cayman.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_On.png.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Oral.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director_2.3.100.v20140224-1921.jar.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qatar.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Sydney.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\nio.dll.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_ja_4.4.0.v20140623020002.jar.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\vlc.mo.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_xml.luac.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libxa_plugin.dll.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jfxmedia.dll.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chihuahua.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Resources.dll.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\main.css.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\wmprph.exe.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic_5.5.0.165303.jar.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_zh_CN.jar.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.png.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.zh_CN_5.5.0.165303.jar.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host.xml.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_flat_10_000000_40x100.png.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_settings.png.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_hover.png.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\gadget.xml.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\management-agent.jar.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\vlc.mo.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Accra.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Selectors.Resources.dll.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libttml_plugin.dll.tmp	a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a1903136a42bffd55b51d1c260e038c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2444

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp
Filesize
40KB

MD5
2c3d9d1e3f857b5fc042a693b2b5a288

SHA1
3a13792ec3722ad986e1c282a7f3ad1b93513630

SHA256
c3ca5147ffdc202f26695f1eef4714105292cd556262f8615869d75f5260fb7f

SHA512
5f4e30c4d18236d3c1debe606ca5dd688bd113f38639fb8e6496ec415954449330e09fbce8bebaaf242c393abc5392185be0d6b100c5bacabbee0ce270544344

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
49KB

MD5
c68664193fa3b143fb31393024ff5ab6

SHA1
cd7b21d2884f16ffeb7dde379aa1eb1fd4935b48

SHA256
9d0e6fa67d4b11ddd6f8d4031077d313653dd48d3a1411133f0be4b0cee8f562

SHA512
f917399911f054b7f6c98f6a8b4821c176ac52ced4791f2f5d2cadbad1e6e19f64ab0bfc1068b6aa996cd8e6eb19ced4dbf97c097ebfc6b7416e596b91e31cc9

Download Submit
memory/2444-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2444-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing