d9bf8817d81f51c9f5143ba6a277fc18ab889529b52d4245386ffea5ef325d70

General

Target

a30658a84715a080686303f599b81610_NeikiAnalytics.exe
Size

68KB
MD5

a30658a84715a080686303f599b81610
SHA1

dce33f81a6599b154811c34629ba0ce6299a86c8
SHA256

d9bf8817d81f51c9f5143ba6a277fc18ab889529b52d4245386ffea5ef325d70
SHA512

eb61d3c6fde7d7c9956f3d7ec76ea56fe6b282324461cf2ba3233a9cf61a8d081f510c7b0b679c5b17e8ba8e5654878e43458162da21f302730bff2a787de1b8
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZnzffGFypl8:+nyiEGFypW

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3447) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2212-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2212-450-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

a30658a84715a080686303f599b81610_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Bissau.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Moscow.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libamem_plugin.dll.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-down.png.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\fr-FR\msoeres.dll.mui.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-settings.jar.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-charts.xml.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.lnk.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9YDT.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\localizedStrings.js.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\library.js.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\fr-FR\MpEvMsg.dll.mui.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\server\jvm.dll.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotiondetect_plugin.dll.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Maceio.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\tnameserv.exe.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\UndoPublish.doc.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libstats_plugin.dll.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_zh_CN.jar.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Bucharest.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\gadget.xml.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-execution.xml_hidden.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\calendars.properties.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Chita.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Macau.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\twitch.luac.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_settings.png.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\main_background.png.tmp	a30658a84715a080686303f599b81610_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\a30658a84715a080686303f599b81610_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a30658a84715a080686303f599b81610_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2212

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp
Filesize
68KB

MD5
7407d6053f25b09b893a029318752722

SHA1
b58b080b625f13d60e468aab463c7f41acb86543

SHA256
e25547036feb3ea63886098729726d4113a47387851df979a22043092cbc24be

SHA512
6be49354b39c0acb9c2980552e207ef6f5b8c4df1a359e48a97aa0d07356d4b396374abcf4f9cec69617f4ee1ecd5affaa3956c9fbac399d48107e0e645bbcaa

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
77KB

MD5
2f2c7f5fbfdf5381d5c2b0e56160e8de

SHA1
49f755c50cbeef0b7d1f6efe64d33e040e10d71c

SHA256
6aef2a5a9203f68d830b5fddd4ec26b9e95f2266a6d1f55e3af92ab552a00295

SHA512
d1c33d248bca83be07e8b916b316f275ee8961092e466520ef17f31858664e04be67b5c22bf8e0f847ceaabde0bb0073a621c0b08adb9a0151a27f7ab598bfd4

Download Submit
memory/2212-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2212-450-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing