b81f3377b6a139ac064f7316451545d08ad580f3bf812ce7b0f83263b10e372b

General

Target

ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
Size

62KB
MD5

ac9bf9f0018ec833aaae8269bcf33a10
SHA1

382c07667371bc27791793ecbe208c0f59a9c29a
SHA256

b81f3377b6a139ac064f7316451545d08ad580f3bf812ce7b0f83263b10e372b
SHA512

0018cc8c584110a76cec2ec3e4a28eec375e54b43b0c046927c8fdc1a705ab99cd5cb9661830ab36f93a1a3771ce399f04235efeb6c982b266133a861a7f92c5
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q83:+nyiQSog

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3664) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2156-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2156-648-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\settings.css.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\settings.html.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jsse.jar.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\vlc.mo.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libh26x_plugin.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\fr-FR\JNTFiltr.dll.mui.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\oeimport.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Budapest.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse_1.1.200.v20140414-0825.jar.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Bucharest.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-3.png.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_ja.jar.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\vlc.mo.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\settings.js.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Maputo.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libhttps_plugin.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_s.png.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-windows.xml.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kathmandu.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-nodes.xml.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_zh_CN.jar.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf_3.4.0.v20140827-1444.jar.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\vlc.mo.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\cpu.html.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-down.png.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\js\cpu.js.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\AcroRead.msi.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations_2.4.0.v20131119-0908.jar.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\ChkrRes.dll.mui.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\updater.exe.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_dummy_plugin.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_ja.jar.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libchain_plugin.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Damascus.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-compat.xml.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-api.xml.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_rtp_plugin.dll.tmp	ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ac9bf9f0018ec833aaae8269bcf33a10_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2156

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp
Filesize
62KB

MD5
805a9cff8b9346da63df8decc1849b41

SHA1
cae631aafecbab819783cb74f64e222a8e7d70f9

SHA256
1745b62a57eb9a27daad9aca69bef7ee0536016ab7bd035c9dc403f5decef86c

SHA512
e609121c2deba9f23025e1b3ef6f8ef6c5d70fae88028dae1085433128630c58db70db9f6540278546667098479511bdbb129fb9dd93a2c5449e61472285b4df

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
71KB

MD5
f78d6e159904ac6cbe656ffe79d121d5

SHA1
76586c211b23ea9ad32d2f13445d6937d6d602ae

SHA256
63dc3256642321bf761c9adbcc8252034625409815ea40f963d2b19c3c2d6076

SHA512
2a6573b6fdd0d3c9bab11a791df721eb4b93c1e6eeb0141603a638b4c91403bcac07f1645fe61efd5bf4679f989068314f19ab2eda9f0cc0f3407921885df5a0

Download Submit
memory/2156-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2156-648-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing