c360195c35d128eee463b250430674b992bf78ed56d9d734feabc10c1fbbab85

General

Target

5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
Size

68KB
MD5

5e07c1c682a0ae48db70bfc6dd9b1a60
SHA1

aec64fcad5d824bf15374851720eb36a61970ffd
SHA256

c360195c35d128eee463b250430674b992bf78ed56d9d734feabc10c1fbbab85
SHA512

502798a1b19729e43cb73f0cdd12c3ff1d4b543a178da166bd06aebdee194299d15ad7b0b1a577666d3b68b8c2ffd634da29f6ea08dc8cc8600e3f24d7135f37
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsnr8:+nyiQSohsUsnr8

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3427) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1460-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/1460-642-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_ja.jar.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\currency.css.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\WMPDMC.exe.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_h.png.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Brussels.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\dependentlibs.list.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\de-DE\PhotoAcq.dll.mui.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Samara.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.contexts_1.3.100.v20140407-1019.jar.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-loaders.jar.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Selectors.Resources.dll.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\vlc.mo.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back_lrg.png.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bogota.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64_3.103.1.v20140903-1947.jar.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\WMPSideShowGadget.exe.mui.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\cpu.html.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_ja.jar.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Riga.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\MountBlock.dib.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Xml.Linq.Resources.dll.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\02_frenchtv.luac.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zaporozhye.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_zh_4.4.0.v20140623020002.jar.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-javahelp.xml.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\WMPSideShowGadget.exe.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_ja_4.4.0.v20140623020002.jar.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-tools.jar.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\JavaAccessBridge-64.dll.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.lnk.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\vlc.mo.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libvdummy_plugin.dll.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.password.template.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt_0.12.100.v20140530-1436.jar.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsftp_plugin.dll.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcrystalhd_plugin.dll.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Tell_City.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\clock.css.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Enderbury.tmp	5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5e07c1c682a0ae48db70bfc6dd9b1a60_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1460

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp
Filesize
68KB

MD5
d28e58517e3482412331481490854c41

SHA1
46dc02404df4fd5471b8d0f5123c295dec7fd176

SHA256
055a4e9be5868538dfec9dffb146530044c3bd0dffc7ddbd1c4b54219b48ae28

SHA512
53c4e968e15d8ac610d54b8f3bd5d47cc221524872d5ae42d66230c142f503c9b72b5f769d693444b324d6883673886fe0d6c2cee94b29641f894c34ad4ee191

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
77KB

MD5
9bfdc6faf02d2469fbb6313e7938436a

SHA1
0caa27cd162e4686c36ca71a1128b1d023aafc10

SHA256
08c22ebfd222cc6d73d42725946bb1dc6918522f38502c0e14739ffaaa38274b

SHA512
2003147fad75f7c6ce2fbc3fa452418560cb7f552aa0d0a91bce0032dda6e294b0ab29928b1046113b079bd2b0c73476c41cf92ef6b763bca5e0d82b03bc96f0

Download Submit
memory/1460-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1460-642-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing