7acb12e93fd4b4415f98153d40f1a0c904fad57fdc5c09627aeda6a03b63af94

General

Target

a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
Size

122KB
MD5

a6047aa8c76a048396a45f6f8bf93770
SHA1

e9719c9e73eeaa2027b3e59feac40f378d6faa19
SHA256

7acb12e93fd4b4415f98153d40f1a0c904fad57fdc5c09627aeda6a03b63af94
SHA512

04f6ecc1ddf842848f56091afd290b183affadf6ea6bbd7fb1a9691dfa85de112da435233968416cfaf9ff8d4fdbc9eea488c1c11d4606b0a49119d54c451ca3
SSDEEP

1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCf:+nymCAIuZAIuYSMjoqtMHfhf6

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3426) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2004-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2004-600-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\javacpl.exe.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jp2native.dll.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\WindowsAccessBridge-64.dll.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtospdif_plugin.dll.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hovd.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace2.dll.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_ja_4.4.0.v20140623020002.jar.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\INLAUNCH.DLL.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\New_York.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Paris.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\perfcore.dll.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\HST.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-tools.xml.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\servertool.exe.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.png.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\gimap.jar.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Xml.Linq.Resources.dll.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\vlc.mo.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\jnwdui.dll.mui.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Almaty.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\freebl3.dll.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zurich.tmp	a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a6047aa8c76a048396a45f6f8bf93770_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
122KB

MD5
432b870537f0f3a9702d56714d6952a3

SHA1
3df285945786a0e23bffa17536f50d8398572e46

SHA256
a4b1a48ed0777330f0ed9f338b1c4c6745a0e486d1e80733635a6967770cf7c4

SHA512
3e2b10d9b8b73fd9d05574e1c274c90f076dca3c3e6007532155b9b5187a50a533154d6be8adeb0ede396b4993a6f0d872e89e20e55c7722a7c5ea86204178e8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
131KB

MD5
889aafc8bce841f1a724c7e69af0ed37

SHA1
8fe77f9e30dc044dbbe4b11ffeed24840cecfe71

SHA256
7b712200f6e3eb80787e53629a3c9551a8c72b12e6c6da4f23fadbb23218af4c

SHA512
5366b2e039f17fb25dba5b1a9cf169dfab7bb55522d099218b718da755559a8b404446caa94a6b2ad99c0653ae7abedf25a685d395d8c350b47a4ab69b7e027b

Download Submit
memory/2004-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2004-600-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing