31b9403b9e4211d3c67b00deaea4248888ffd38cde760101b711ebf708bed219

General

Target

7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
Size

57KB
MD5

7126c9397a8722cc200418bf96388720
SHA1

ca9ffd03d75f05d14c72aa0b6204e977620f3e08
SHA256

31b9403b9e4211d3c67b00deaea4248888ffd38cde760101b711ebf708bed219
SHA512

bd9767a79e1ce76e698a1615af521c722c163dd496ddbc78800c6619f3300da3d72d46985c20008e6fad3a4d02d4a56674356c6d580c616d5bb9e957ba5184ac
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2bTgT7v2r:CTWn1++PJHJXA/OsIZfzc3/QbU/+

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3436) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2964-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2964-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\South_Georgia.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\wsdetect.dll.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\init.js.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_ja_4.4.0.v20140623020002.jar.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Palau.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPMediaSharing.dll.mui.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jsse.jar.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Atikokan.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libadummy_plugin.dll.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-down.png.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\service.js.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_ja.jar.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\index.gif.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\es-ES\Chess.exe.mui.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsBase.resources.dll.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\WMPDMCCore.dll.mui.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\RSSFeeds.css.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.smil_1.0.0.v200806040011.jar.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Resources.dll.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kwajalein.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_over.png.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Moncton.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.el_2.2.0.v201303151357.jar.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cancun.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\plugins.dat.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\cpu.html.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\flyout_background.png.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Norfolk.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\timeZones.js.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_up.png.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp	7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7126c9397a8722cc200418bf96388720_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2964

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp
Filesize
57KB

MD5
c22c0bfad339702a31524523fe605bbc

SHA1
d9743975f7862e6907ddb63342c9223a68b81461

SHA256
f62b967591768336ad4488b00d4300f5b61a09128735acc949c8bdfd7b9c6f19

SHA512
230dc3fbacc3cd8beb071d75bce323764ae3c8305315fbc4167a90e20a710de4b98454e5c48c71fb8af1e11654181d92a5e57b5a283d581f28eba70033104ebc

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
66KB

MD5
f8013e67a9a48ae38e5888296aa49344

SHA1
c63fc0abcd1fb8a60560ea8d8c8c94e0e408d8ae

SHA256
44b6597478319f5c668c6c9a4bef0a31a1b9ce34f24d65de44bc476c9bc1748c

SHA512
0be75600fe3c75daf7f0362f1d9212d2b91081a95fb316a6eb002fa34b76b17cf7321ccc0fb39ce72db6a5386f42096196887f4cb0864485b0c85e589f90eca5

Download Submit
memory/2964-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2964-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing