10c5d2881d467879fb3878014366fcecbdb446de3343e39025e1105a79b8a039

General

Target

93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
Size

51KB
MD5

93d6a7722c42bb0d781d9e608bafd690
SHA1

102e4291e004753052b1056a6a2ab52485099acb
SHA256

10c5d2881d467879fb3878014366fcecbdb446de3343e39025e1105a79b8a039
SHA512

a4d6717ac83f05c7ac3534b3175078f888bf872da14961ea821bd2fd350c8f23526939c1b3d8473656ccb4d6cc6d9413513f1abcf0b5422afef8fde18145e9ea
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFF0:CTWn1++PJHJXA/OsIZfzc3/Q8yiA

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3769) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2352-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2352-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\chkrzm.exe.mui.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationCore.resources.dll.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\settings.js.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\hxdsui.dll.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\gadget.xml.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_disabled.png.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACER3X.DLL.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser_5.5.0.165303.jar.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_mosaic_bridge_plugin.dll.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libprojectm_plugin.dll.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.ja_5.5.0.165303.jar.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-coredump.jar.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationProvider.resources.dll.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\it-IT\jnwmon.dll.mui.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\meta-index.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-3.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_zh_CN.jar.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\tzmappings.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsBase.resources.dll.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Niue.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPSideShowGadget.exe.mui.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt04.hsp.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Vostok.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Amman.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\ja-JP\MsMpRes.dll.mui.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\pingsender.exe.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\vlc.mo.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Half.png.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\gadget.xml.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\ja-JP\FreeCell.exe.mui.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaom_plugin.dll.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\JavaAccessBridge-64.dll.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdater.cer.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_standard_plugin.dll.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\clock.js.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\fr-FR\gadget.xml.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\ApproveResume.sql.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qatar.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Amsterdam.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Selectors.Resources.dll.tmp	93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\93d6a7722c42bb0d781d9e608bafd690_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
52KB

MD5
e932fe185f41f84a9809c8efa1d39c64

SHA1
8396584f6c8e631ba2d431fd1bb1296030fb2ac1

SHA256
796ec2f822d24912a5bebd0884ad33944937f4d078cbdba5f35b6b2e42fc18a9

SHA512
3f78983726b727791fbfdb7eb98ebb632526e46b2be2e04b011fbd46ed5d8d040bda57155b2c91a6b3a7ada0752d27d0b85e55583e3837c011f44b8b780976c2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
61KB

MD5
6c4fc9b27323352b365bad624a925e42

SHA1
32738428a4ceef985a7e175c7155fa0554f9284e

SHA256
45087778b565cea6fe8f174c9df0571c549609f25de9b9542ccbc3a18b7b7389

SHA512
42abb8d5725f93b7a2a3e744d6964a0d7b0bf979b35f79f7f6f1053d5c738ce1fd2a415bc56ac6f2fc43ece4dbfbe008071a6c091fb49b6b4661ced534e815bc

Download Submit
memory/2352-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2352-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing