3de00c6063b520ae1ac9c91fd22734a1e3361c1006f08c18d03b32eddc69ae6d

General

Target

6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
Size

165KB
MD5

6fcdf5b5566ecd59a02ccf9aa5668e60
SHA1

c1e8d803b091757c34ca561867c63cb158a18fc0
SHA256

3de00c6063b520ae1ac9c91fd22734a1e3361c1006f08c18d03b32eddc69ae6d
SHA512

b6474b543c412594e11bfc933cbb4836e4abbed5b7d6af557def246d699a705fa0758289053ef9d60e36738961ae4c23e455b123d5d21662776633d47b3a08ad
SSDEEP

3072:KQSo1EZGtKgZGtK/PgtU1wAIuZAIuXwFwtdG:KQSo1EZGtKgZGtK/CAIuZAIuW

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3087) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1384-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/1384-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfxrt.jar.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Pangnirtung.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy.jar.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Wallis.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-favorites.xml_hidden.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-awt.jar.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security_1.2.0.v20130424-1801.jar.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host.xml.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\hprof.dll.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.xml.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\eula.rtf.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+1.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\CompressEdit.xml.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\config.ini.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-annotations-common.jar.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Oral.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\ShvlRes.dll.mui.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Design.Resources.dll.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\soundcloud.luac.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\README.txt.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\README.txt.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.zh_CN_5.5.0.165303.jar.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\ChkrRes.dll.mui.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_de.properties.tmp	6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6fcdf5b5566ecd59a02ccf9aa5668e60_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1384

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp
Filesize
166KB

MD5
6770a0278bb05120b73fcef9b9d0da3c

SHA1
b73c4bbffff6d9a342486a732df0016304ee38c8

SHA256
a819e1abc6a8bcda9148b69c5cddb74a41e86e8c8ba5e5ea9faa228af3a24999

SHA512
e63e34c0154bc4609a5a511b5a62450a14b539a1842db6712d715a59015f83c2540b034698f8efea067b9af55b2471d16587d2880af4f0c74114f75e9f91414f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
174KB

MD5
c9a0a0f14ddc3b32f9204adde27d9778

SHA1
0d4915626e53e1b5b7476aac739bad1b9b8634f7

SHA256
bca459b8730501be32de8646d6ed31d00ecdb015e1f6bc3ba27eeba60b4b9ed8

SHA512
f7be1f98f021c54709bba19065e7689aa2eb32c1c88b09352aac45fd0b9268b4acb278c7186b6f98c6fcd00e9926714e2b79c8d34c6bb74daf176bc5bd85e7d6

Download Submit
memory/1384-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1384-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing