6466008f4d5b3f986058342915109fc34175479c5cef260f807bcbbfaf090941

General

Target

76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
Size

108KB
MD5

76583e1cdbd91e7875edb4f0dff10160
SHA1

777b030b8093f607b4a30e544a076322356a9f9b
SHA256

6466008f4d5b3f986058342915109fc34175479c5cef260f807bcbbfaf090941
SHA512

77ce49369bdf000c31c13313bc54614890f929952d4091e7ae2c3120b0578d675e38b45386b4611189e69fcb4fc4f35ac6283cca28864caaa81faed46cc6ce0c
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfS/B:hfAIuZAIuYSMjoqtMHfhfqnB

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3436) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2952-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2952-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Sofia.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\vlc.mo.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_ja.jar.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baghdad.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\librss_plugin.dll.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\he.pak.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Noronha.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\removed-files.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\WMPDMC.exe.mui.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Resources.dll.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnssci.dll.mui.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\js\calendar.js.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\gadget.xml.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Design.Resources.dll.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\deploy.dll.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwasapi_plugin.dll.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_zh_CN.jar.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\Timeline.cpu.xml.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Engine.resources.dll.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belize.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ho_Chi_Minh.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\soundcloud.luac.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl.png.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\76583e1cdbd91e7875edb4f0dff10160_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
109KB

MD5
f2bdb63ea2a6bca71ae32bdeecca5fe6

SHA1
8ea685d9d0121f2ef3cc58c98e530ce1ae04a757

SHA256
c4eef8e7a542cede186a07a32f46ce26cfd07b14fb93bfa65f13f5ce97a56319

SHA512
b96d5bbf76a7fd454e13ed437be37a56c7939e3f84f2fff3a16e808f2a5c86df4a06e00ea39f11b23b5a8117267131a805fbcde8f90ff96eae383219358ba8cb

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
118KB

MD5
269ab9c28a868c5931c7754c346c652d

SHA1
7c25038a92743cc33cc7214dd65d2da8a24626ec

SHA256
d085ce640981412e28e42f74296670bf71aad6fecee1c1942a715338cee4ddb1

SHA512
58f998ab7b94c58fa875b591b1735aa223756a9d980f1d72dc355b5f2213c6dd565b1ef9795fcc87862e1b901169146399ecdd6ba57c68c85cbb8d77e88aff26

Download Submit
memory/2952-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2952-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing