9255af14979106e2c0c2eecac672b5bb8e6b070e3af780589b5eee275ac8bf4d

General

Target

a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
Size

42KB
MD5

a6d31eb5962b2e7def445f586297c660
SHA1

4d824cefd38ce3d84fa5642be4548e387cc2b479
SHA256

9255af14979106e2c0c2eecac672b5bb8e6b070e3af780589b5eee275ac8bf4d
SHA512

2822f266c117fca0399ba91ce334a40f177cd8b13df0017f39cc8a01c8b0820a717edd7263ac3b4f9f73ba3bc817173e9b636fcb237d2ffef590cf791c75af28
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFS1:CTWn1++PJHJXA/OsIZfzc3/Q8S4Z4x

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3789) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/492-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/492-78-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-coredump.xml.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yakutsk.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_drop_shadow.png.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\pencht.dll.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Monaco.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Fortaleza.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\localizedStrings.js.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-core-kit.xml.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\VISSHE.DLL.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_dot.png.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\cpu.html.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\alt-rt.jar.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)greenStateIcon.png.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\resources.jar.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\SaveExit.wmx.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server-15.jar.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\vlc.mo.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\RTC.der.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-compat.jar.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sa.jar.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_hail.png.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\jvm.dll.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jdwp.dll.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\Shvl.dll.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg.png.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\hxdsui.dll.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\chkrzm.exe.mui.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\view.html.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libdeinterlace_plugin.dll.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\en-US\MpAsDesc.dll.mui.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\COPYRIGHT.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libsubsdelay_plugin.dll.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\gadget.xml.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\WET.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\notification_plugin.jar.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-ui.xml.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp	a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a6d31eb5962b2e7def445f586297c660_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
42KB

MD5
b5507a81aed447f379e927308e594223

SHA1
50393ce160c1263a3b89f1f340222ea4c9219e82

SHA256
b9b7746a21c5b797e1d2a8cd713f13333dd5854bb295062f6b0fb991b2e87435

SHA512
eb960c1848d3da0b7f12544e109c0fe445076dbb43f527eac88ccbbb99284774c1704ec358e29eb74bdbe7649650bf5a232a7600d3b4053f99781b1b67e9323f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
51KB

MD5
f3aa22ccaa58d3a9974e32f7bd78b1b6

SHA1
36be50ab3cfbd0ff6ba5741a8c0bb178c1ab3760

SHA256
2352a7a76ea1ad42332fe7a17192cfbea876916ea504c7099ebad6214854c73a

SHA512
e5b26d84e00d17e09749ccc398887fb9fa538c7f8e31071bafc0dfca0af4658421a052532dda99426dd76b29abc3783df912ad38a6fd5b7385f6cd30bdf6aa67

Download Submit
memory/492-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/492-78-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing