646a6b5b4a54a64226e575f20cc43740f13fb32211e8aa01418324af273a20f2

General

Target

626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
Size

104KB
MD5

626b91fd2086bb53ef50c066cb4f1f10
SHA1

39bf2388dfd73fd5d1a92b5c390fe69ccc809a19
SHA256

646a6b5b4a54a64226e575f20cc43740f13fb32211e8aa01418324af273a20f2
SHA512

eecc477d072980c9dcda7e5cddd8a2fea8f1dca805afbe64bb39798d89cd5cab350e50936a9af7e89e14e3b406f07df9d4e4c08622bbc701f8356027ea16f421
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hf0xF:hfAIuZAIuYSMjoqtMHfhfM

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3427) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2356-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2356-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Oral.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\dkjson.luac.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.properties.src.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Net.Resources.dll.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\vlc.mo.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libxa_plugin.dll.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\init.js.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\core_visualvm.jar.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\setup_wm.exe.mui.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\css\currency.css.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libgestures_plugin.dll.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\CompareResolve.ini.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\SplitWait.wma.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Creston.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\autoconfig.js.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\view.html.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\SpiderSolitaire.exe.mui.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libps_plugin.dll.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_smem_plugin.dll.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\wmpenc.exe.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-windows.xml.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-common.xml.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MpSvc.dll.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\5.png.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Linq.Resources.dll.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\NBMapTIP.dll.mui.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\de-DE\sbdrop.dll.mui.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_sml.png.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_ja_4.4.0.v20140623020002.jar.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\picturePuzzle.js.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp	626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\626b91fd2086bb53ef50c066cb4f1f10_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
104KB

MD5
9c3c25f27560a1b859ea088f56a4b296

SHA1
98dff51f6d0506ed12cb81ecc31e8fc52c3e1d2c

SHA256
f2ff44ae2fceb9d51961f376a7d9aa977e4ef10e77e8265b106973a87e7e0599

SHA512
e9759ca7a9b36dda570fc3dd3044e6692ce2cc4eb788c5f8f0f47edbd5f6678f90aa62e71456ff37b4c170a42e12f427e98f71c6ad28d7cece8ab04eed07ccfa

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
113KB

MD5
f991d74be5266ef24754cb28fb4ca846

SHA1
02b207a9c9f63202e814342c3cca0c1b7f805721

SHA256
cc1699ed1eabc366c1c48e0447c5aa788d66faa425dd834ce546fd0f70499159

SHA512
33643ed6b0d4ce1ec7ee803c5f7bfe7f86172a245d0b0d6581ba9828d32f0b3f558d2755613027fd18013101a5962f1dc6313be0db45b247c9f2bdabe4d71035

Download Submit
memory/2356-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2356-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing