17d9298ffa8f60105810df7a4d07d40a1359e4d52ad57f525873d5ab55bed48f

General

Target

6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
Size

101KB
MD5

6f89d151140c69ef3c3b2fc2a12c4be0
SHA1

aadba4131f312d482fcb6c6666e35b00274c012e
SHA256

17d9298ffa8f60105810df7a4d07d40a1359e4d52ad57f525873d5ab55bed48f
SHA512

5656cd1b8884c887029d6efb1577878ff7c22d398a805145439ad9b467e82c4fad2e78b8d0618a6f92822cf5836d734dbaeb159db2186fdf25aa354b66fda22c
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hf5SP:hfAIuZAIuYSMjoqtMHfhf5SskD

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3440) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2256-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2256-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host.xml.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\SplitMeasure.wmf.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnscfg.exe.mui.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Linq.Resources.dll.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_zh_CN.jar.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-heapwalker.jar.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UTC.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\notification_plugin.jar.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms_3.6.100.v20140422-1825.jar.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kcms.dll.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-common.xml.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\view.html.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Graph.jtp.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-text.xml.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\luac.luac.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Journal.exe.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\vlc.mo.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatialaudio_plugin.dll.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_zh_CN.jar.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookicon.gif.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ho_Chi_Minh.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_block_plugin.dll.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d11_plugin.dll.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_ja.jar.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-services.jar.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\London.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\js\cpu.js.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\gimap.jar.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_ja.jar.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_it.properties.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dubai.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png.tmp	6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6f89d151140c69ef3c3b2fc2a12c4be0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
101KB

MD5
275d2eb9bb99d5cd33898a8820020cd9

SHA1
7bcd5dace91ce353a6c6143d82580935dae79509

SHA256
1471996800e56a9307707be2e0e04de9a44404b50954853f4cb3e688dbdafbe3

SHA512
0806afa527b6475cf39b72ee34d9ca9e4dd0cbac653d43f5305f320cf1e878c03436313e0e3a00eda74ffc057e8e971c611d034bc365897de76fd9198653f768

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
110KB

MD5
e7ba89829b0114ab9c46d06ea4dffc55

SHA1
81f8c02e8867ea26110993a4154b0f2e722c12ec

SHA256
79a3da33fa35ee1756dd90b45ffca025cca2505fa9dbaf06d37406704d01150a

SHA512
026bc9e3e111085cf458886ff63c2ca52b9e266af9ec8ec19d696bd06a807fb58de48d00d601add23ae14beb1af55853e729a3dd395d2685eaf19a22e8b5bce9

Download Submit
memory/2256-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2256-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing