82b40788af745ddf5da5a423cd00ea603ea558a49f1f66b460cf18681fd99664

General

Target

3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
Size

55KB
MD5

3bd22087a4795cdf0ea1fe669cba14f0
SHA1

202dfd22d8f581d071f5505ee3c3ba060f64927c
SHA256

82b40788af745ddf5da5a423cd00ea603ea558a49f1f66b460cf18681fd99664
SHA512

4a58048f6a508238d6259e732eda1817e6e6f852160e413f2fff03b27f886fa71382f2cdae96c9385dbaf5440e258f8ca6dfcf9f29922333ef710b0e398847aa
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFFP:CTWn1++PJHJXA/OsIZfzc3/Q8yiL

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3695) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/3016-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/3016-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-6.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Rome.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_left.png.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.STD.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Adelaide.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\it-IT\Minesweeper.exe.mui.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\activity16v.png.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belize.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\it-IT\MsMpRes.dll.mui.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\QuickTime.mpp.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_ja_4.4.0.v20140623020002.jar.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\modules\host.luac.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawaud_plugin.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_right.png.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_zh_CN.jar.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-outline.xml.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Galapagos.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation_1.2.100.v20131119-0908.jar.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_zh_CN.jar.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libx26410b_plugin.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\gadget.xml.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\vlc.mo.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_m.png.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Casey.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationFramework.resources.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\vlc.mo.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.SYD.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libsapi_plugin.dll.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\gadget.xml.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Petersburg.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\chkrzm.exe.mui.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider.png.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Iqaluit.tmp	3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3bd22087a4795cdf0ea1fe669cba14f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3016

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
Filesize
56KB

MD5
43ad7b185523e550ec07ef795b32f4ce

SHA1
4ee3810ca2a099a3c3df6452700b63418f0003b5

SHA256
52e5c0da7032daa3dfa56c38aadad7519073e3868c55f62317f003c924fe6704

SHA512
4a349dd25521f9385dd773af5d6ff0f9b774fb125199543fd676a47d746d2a3e93024f5bc4f2b9ea736acd30953b13596bbcae80efb41217ad682dc162390eed

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
64KB

MD5
90771bfa2d834541c003e329ad520385

SHA1
073eeb28140dd2cf97c24d0a64ce6576beb8e994

SHA256
0115ad05e7abc9cea0afb723d368f37fa473a56d14abf31d2839652e14c0a7f2

SHA512
854f9ba6ea147a24b5e2c6aa09dae71660ceb8db58ead39852ce3e0b5b03147581628fbff3d1b27de43ce8fbb0ebf31137118b71410c9d8b55bafa34b31446fb

Download Submit
memory/3016-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3016-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing