50d3f05572e00539e921544f6624a2ccb30fc4e44ec2195b0fb8cb01cc4294a3

General

Target

61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
Size

102KB
MD5

61d1853839faba5a8aebe7488e063cc0
SHA1

86a7f514f8dce5c872d0a0b6c0ed949aad26cd73
SHA256

50d3f05572e00539e921544f6624a2ccb30fc4e44ec2195b0fb8cb01cc4294a3
SHA512

4181722c091217b5080ce0fd837b1172361d55baf43f720cab7a155bcb7858e6ffd952684f51455186a73b2f211700efdfbfc33c3be4e04d4586f8a500b0d9c4
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfRbk:hfAIuZAIuYSMjoqtMHfhfy

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3443) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1008-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/1008-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.jpg.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Anadyr.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmpgv_plugin.dll.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Adak.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\it-IT\NBMapTIP.dll.mui.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_settings.png.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\es-ES\MsMpRes.dll.mui.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\localizedStrings.js.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-options.jar.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Design.Resources.dll.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.RunTime.Serialization.Resources.dll.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jfr\default.jfc.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\ImagingDevices.exe.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-disable.png.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libgnutls_plugin.dll.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\ja-JP\msoeres.dll.mui.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\es-ES\sbdrop.dll.mui.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\css\clock.css.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pago_Pago.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\vlc.mo.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7Handle.png.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\updater.jar.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-attach.xml.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\PDIALOG.exe.mui.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baghdad.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yerevan.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-desk.png.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_up.png.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\row_over.png.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings.tmp	61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\61d1853839faba5a8aebe7488e063cc0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
103KB

MD5
2c37d3b8c4d1883560dcc3f881c2aae2

SHA1
e52ca10f439ab21beb0ead1a466e0437676e0fc1

SHA256
b76d27406633060cbdb222fc59d1506d10bbf0c722d7d2b3d60e81236275f0df

SHA512
373e0ca2d07d1af05b59b25f6211e250995f23af1c2c64c0723935e5a3805a612321fe6574568842148a4182eb68c7f68e090b5c1efdb3fba0751c5c48cd7632

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
112KB

MD5
9c1bd3cb5e0904aeaea1c1ebed0c934b

SHA1
2105d0a7108e7045404a1fc4d0bea7cc1c2125bd

SHA256
daf92f2e51fae3ef786e532cd0db679a5bd91c44b42a4412cf3636c433c1f7ea

SHA512
b90111fd9224e039d3d92123943179f16d8ba3c84820ffea274af05da30603398e70451e978b863aef5875f52bb8e7ca1d2181d01df172e4debb6aa1eafde3af

Download Submit
memory/1008-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1008-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing