f4811bf8b8f3d31cbb7d53b408248ef904ae7445ff14f3ea622285e98d26d622

General

Target

cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
Size

199KB
MD5

cf1d604f10b53ec3dc9579566f858da0
SHA1

c704424dd5c7fde15621f445fd096c5ae5ad7644
SHA256

f4811bf8b8f3d31cbb7d53b408248ef904ae7445ff14f3ea622285e98d26d622
SHA512

13d9eb894aa597aa014c946e0ee5cc7de1ff9634e3a6ab636042f07f8cf204cb9835d81f8efbe55838eedc0447dbe24a63be8076cd053298e6b2a26d49306469
SSDEEP

3072:fnyiQSolxjO5HSSLq9zobS2NRhn88P6u3hQulwq:KiQSom5HJLq9h2Nv8JuReq

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3195) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2936-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2936-550-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\management-agent.jar.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Seoul.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libnfs_plugin.dll.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yakutsk.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Magadan.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-tools.xml.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kaliningrad.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Windows.Presentation.resources.dll.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.resources.dll.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mshwLatin.dll.mui.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\La_Rioja.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationProvider.resources.dll.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_ja.jar.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Maputo.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.ja_5.5.0.165303.jar.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.command_0.10.0.v201209301215.jar.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgzm.exe.mui.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\splash.gif.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\vlc.mo.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\javacpl.exe.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-awt.xml.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tripoli.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleHandler.dll.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\Documentation.url.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Sydney.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.ja_5.5.0.165303.jar.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\fontmanager.dll.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\Mso Example Setup File A.txt.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_zh_4.4.0.v20140623020002.jar.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll.tmp	cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\cf1d604f10b53ec3dc9579566f858da0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2936

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp
Filesize
200KB

MD5
7917440ba1ada4c1c575cecd36bd240b

SHA1
639f9489f22e3f8cebc03033ea2e713de754aec1

SHA256
c5848419ca505fda4d70988c949a83c22b552ed6d2ef3a475ab930dbf070dfb1

SHA512
67ee17c9cebe5e3b32349384b5a05e1d627020e966dbf6c16c222601e0e190d6b6171e21e47eb1676a6000cdd6b9af33550c709d0a848424f9bcd41334d9e143

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
209KB

MD5
a38d8ed9bcde176c547850f7792d870f

SHA1
0b8e6c1399c8efdc4f50904bb8a6516d4ebf054b

SHA256
06fbd8e49085e66421e284433068edf019a035c212a81f7552dc93609672919e

SHA512
8d5b1dd95f79373c9b59635bce036e30ffd3c34215415c6ea9012280c449fd3d725ff8f2953e9f25804bb222ff50a2312507dc3d099076c443bf650246d857ad

Download Submit
memory/2936-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2936-550-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing