443f6403c50c6db947ccca88375b4486078749cabda932d452d267a8487bec98

General

Target

3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
Size

110KB
MD5

3bbd604cbb66f5d275a67922de528db0
SHA1

f090c95a1d06573ed5f8981a11a1283e83337360
SHA256

443f6403c50c6db947ccca88375b4486078749cabda932d452d267a8487bec98
SHA512

798feaae98932c0d75ab1790f3c609857fd37da7c83ce3cfdba24c1a3b689a6a10e79eb3d70de9511f080cd875bbd0452ae0bc326902b67e0940a0aa757ed0de
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfS/M:hfAIuZAIuYSMjoqtMHfhfqnM

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3177) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1960-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/1960-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\perf_nt.dll.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_zh_CN.jar.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Anadyr.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.dll.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-favorites.xml_hidden.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Audio-48.png.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\dt_shmem.dll.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Asuncion.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations_2.4.0.v20131119-0908.jar.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tallinn.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\jaccess.jar.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.properties.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libidummy_plugin.dll.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-snaptracer.xml.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_ja.jar.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_ja.jar.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\ProtectSplit.vbs.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\BlockSave.wps.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Xml.Linq.Resources.dll.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-queries.jar.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Engine.resources.dll.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\vimeo.luac.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp	3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3bbd604cbb66f5d275a67922de528db0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1960

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp
Filesize
110KB

MD5
eaf055b82b0d63687354ace0ee9a88da

SHA1
6a0a3cdd0caa65df3b1a52c0964a5356829d3184

SHA256
3271ef2f0e3ddeacb54f2718fe807e7ac2c99fb7b53f4a496cc082c7d6c27626

SHA512
26a346044a8e079e9099a47b306f0f555fa455521cf4c78deafccc80b48f1c84c75a4ae4b7c406859aad8bc6c1bc33f74012e114192bff300c05cf8999ff8d81

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
119KB

MD5
e5c803ebf25c28f32e377b05e21b1444

SHA1
b3b85b776c5799951d4268b67453c851f9422e85

SHA256
2b1841beb30c2ece0838748e1359874bb15c60860ea4897ec163a862565d76cf

SHA512
b07dea75a68d86e3a6e605bf3d8e32e2c3b9b90c8df18e0da894798fc6c6608d2720582b5eefdee497ee1fed73406897810ef4e51cabf1291f81e57402791652

Download Submit
memory/1960-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1960-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing