c9335151b08cff1b4fc48615ea90a3978e9aed0332e6a3d03ce73048f2584cce

General

Target

737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
Size

203KB
MD5

737a508406817f82d604a5854d0c2d10
SHA1

152685925a4ac14d3e457600fdfc0687b0b23a45
SHA256

c9335151b08cff1b4fc48615ea90a3978e9aed0332e6a3d03ce73048f2584cce
SHA512

5e5e3fa1d5c1d415452e4104b380b2a132956fa827e40b0caa24da271184c8ab21049e8a3dac573736579a36a368eaaf7c86040929f79a343eaed6d5c8a09367
SSDEEP

3072:enaym3AIuZAIuYSMjoqtMHfhfJ6W2QZwKS7X:wHm3AIuZAIuDMVtM/L2ZKS7X

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3262) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2072-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2072-586-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libhttps_plugin.dll.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\F12Tools.dll.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_ja.jar.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuching.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-settings.xml.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\01_googleimage.luac.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation_1.2.100.v20131119-0908.jar.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cancun.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Linq.Resources.dll.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-io.jar.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgRes.dll.mui.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_srt_plugin.dll.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\java.exe.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Cairo.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\ja-JP\PurblePlace.exe.mui.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaribsub_plugin.dll.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\pdmproxy100.dll.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\VISSHE.DLL.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator_3.3.300.v20140518-1928.jar.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\or\LC_MESSAGES\vlc.mo.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\attach.dll.tmp	737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\737a508406817f82d604a5854d0c2d10_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2072

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp
Filesize
203KB

MD5
52b102d27f2bf8e80928f48720aabbef

SHA1
db824c07da3230c1f5990ce6c793a2bb5dbed47a

SHA256
7e68922f12603a7a48159330e8338dcb62dcf76505ffe5206c28ebd5b383d7aa

SHA512
fd7e44458c697f5c509e727f87c829110822d9e9f6e730ffd75fccb4c0bc05fd2529785d9c0c1745bbc82655e4c4c3fa578c35ab1109d05b99d968c347bd6d88

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
212KB

MD5
9b6b64a8a695c7a77da7c609bf8d1e91

SHA1
055818445dcbb368c12040732a250961953cf2a1

SHA256
12718f4876278fce53eba7c378f9d8cf5f870f0d2b6a4967f83aaf5491b5c3b7

SHA512
a7fe3d69421d755d94d7cf27f25626f37a186ec7db51d354201071745ff5cfade25eb3792337cf3ad12b7b13229760140a564bcd21284664c93851be2b3252f9

Download Submit
memory/2072-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2072-586-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing