2452a0a7a2911d18f3114b50608c96e36be0a7e361289153b6e3d80faab228e8

General

Target

3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
Size

76KB
MD5

3a7568feb2aaf11f12f33269aa8a33a0
SHA1

118a06ff8161325cc0a9895b70aed1098f1b1e55
SHA256

2452a0a7a2911d18f3114b50608c96e36be0a7e361289153b6e3d80faab228e8
SHA512

8a181d3f929832536acf8bd9a3ec3496d9995bf1ade208149cbb6f39dd22fdd0e99c48b54b6b817fb6bc858771fac07ae63301c7959c2cd0dbb8d7b205307ca2
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8xJJMJJP4N:+nyiQSoF4N

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3456) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2164-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2164-444-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-modules.jar.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_ja.jar.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jfr\default.jfc.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baku.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Yellowknife.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Selectors.Resources.dll.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libtta_plugin.dll.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Athens.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_extractor\libarchive_plugin.dll.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-execution.xml.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Swift_Current.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Skins\Revert.wmz.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Noumea.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\es-ES\PurblePlace.exe.mui.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File B.txt.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-process-l1-1-0.dll.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host.xml.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\management\management.properties.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\vlc.mo.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Bougainville.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_ja.jar.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-uihandler.jar.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\skins\winamp2.xml.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\mobile.css.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-text.xml.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libripple_plugin.dll.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\en-US\PhotoAcq.dll.mui.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\ConfirmUse.reg.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Kerguelen.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Istanbul.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tongatapu.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-core-kit.xml_hidden.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.command_0.10.0.v201209301215.jar.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3a7568feb2aaf11f12f33269aa8a33a0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2164

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp
Filesize
76KB

MD5
7e25e209b2f4e5a644acb0b50e5edded

SHA1
f5b76530cf56a8a087315a8ae9eb900d7777ac19

SHA256
e9d3f104191340bee981bc46f170aefb7802d057e18f81365e3080138911e58d

SHA512
adc76aa8d41cbfe17f75bbec6c098b10b1f7deb943e34081393ca58faa38027801ed29618f90fea7a964227fcb556a84491621280715782dbd8b8baff8e936c7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
85KB

MD5
d4a85d1e024d317b3dc1d79082035b25

SHA1
5a7b8666701889037b09ca54b6c578b47051c7f2

SHA256
91755094433d1a5b8ef804d034cd592eec66daab6124874216aa3b478f0d69c0

SHA512
b06542b078bf09f342b107f62e83d8b0225ebd66999cb00afc052ad0d0eaf821a076fbcd1e102785b8ec7ae93892b2e78af1b47076033d17cf95568265199f6d

Download Submit
memory/2164-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2164-444-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing