d04e3ffbb999069b45a44ed7c2141998ba4d04473fe427f399ee01eb6b97eb4f

General

Target

6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
Size

102KB
MD5

6f22e00d6112070c3f18dc872e33af30
SHA1

5087c24bfe1a60dd4e9396dafbdcdcd0fe276a66
SHA256

d04e3ffbb999069b45a44ed7c2141998ba4d04473fe427f399ee01eb6b97eb4f
SHA512

24233190ddb260578885f857a2018b72289ead0d473a8abe72d4e3df40c22a82ff9ce64dae5d6466e26f0372241d262a3fa07c89a8fc6ed43d8cc597b6e8e8bd
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hf2bv:hfAIuZAIuYSMjoqtMHfhf2bv

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3105) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2084-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2084-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-ui.xml.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Client.resources.dll.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Atikokan.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Resources.dll.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\dt.jar.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\CopyDisable.bin.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Oslo.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Magadan.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\release.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\zip.dll.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_zh_4.4.0.v20140623020002.jar.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kaliningrad.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\java.dll.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\keytool.exe.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.css.sac_1.3.1.v200903091627.jar.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\launcher.win32.win32.x86_64.properties.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-awt.jar.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Godthab.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsBase.resources.dll.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Reunion.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Midway.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_ja.jar.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sa.xml.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\HST.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-private-l1-1-0.dll.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\vlc.mo.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Enderbury.tmp	6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6f22e00d6112070c3f18dc872e33af30_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
103KB

MD5
0b5ac3059785040cb3eb824bbc83dc7e

SHA1
07fa6008452a048af645d53970e27e8c0b9bf053

SHA256
eb91d6e85fa0777863ec0a9e9a1000f0934f7ff69c036a28a9fa0d39e68cec69

SHA512
d5366a36d6ef304bdbca951edb31244ebd42eace80d77029c7f610b0c23772d42890cf96251d4147cb06de9272707c0b45ba72c2be4e790928f28d0d9985a501

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
111KB

MD5
485e33501034c5d3da1948054189e375

SHA1
f8a50d2352cf8f242a06b8c8e1fd7ba24ebabea1

SHA256
26d973c0899861df00d18aa93aaa76cdd3c86566ef6496bdbb5b8c19b235d0cc

SHA512
cb1259486c83188dd257894ca1968e74bda340fb9193906eaed7c6d4a46ad8f4d292a6fd500be268dda8f6767df91bfe50bedf418754d347eb8a3fd47471f60f

Download Submit
memory/2084-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2084-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing