fd264f97a6a1a7217a80560729f1d540de7b5ea1b3e5ccc6da95eb5e53cf354f

General

Target

e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
Size

54KB
MD5

e6bb5b09362117d0bcd8e449f1e2c040
SHA1

ffa8e510db8bff61be97def0cf94eb96a6bf1835
SHA256

fd264f97a6a1a7217a80560729f1d540de7b5ea1b3e5ccc6da95eb5e53cf354f
SHA512

c819760f1bd5b5aed4b621fe8172a1c6e72d9156034d7297becd4fefe51c4f9b85694cacffb0eef130da9516ee538e80c175d4d62b893f6e493bf0aef007a025
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8yi+iyCiym:KQSoLiyCiym

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3738) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2236-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2236-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Funafuti.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\ja-JP\Mahjong.exe.mui.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\MSPVWCTL.DLL.mui.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\46.png.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\skins\winamp2.xml.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\ContentDirectory.xml.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\cpu.html.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\sentinel.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_dot.png.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_On.png.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.properties.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\tzmappings.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\fr-FR\JNTFiltr.dll.mui.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_s.png.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\weather.js.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\it-IT\sbdrop.dll.mui.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Campo_Grande.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\omni.ja.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\MET.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mouseout.png.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.xml.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\servertool.exe.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Minsk.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Xml.Linq.Resources.dll.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_dummy_plugin.dll.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\ktab.exe.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\msvcr100.dll.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\wsdetect.dll.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Sofia.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\it-IT\Chess.exe.mui.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\README.txt.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can32.clx.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\eula.dll.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\javafx-iio.dll.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Waitcursor.gif.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ACE.dll.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\distribute_form.gif.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-12.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationBuildTasks.resources.dll.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d9\libdirect3d9_filters_plugin.dll.tmp	e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e6bb5b09362117d0bcd8e449f1e2c040_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
55KB

MD5
8fb4bc0cc6732441da4f6491320ba1c6

SHA1
12b04ea13c8ecd733b416896a556b1de6f6ad1c0

SHA256
970b9046db7350ffd1d4d49c4e8c740431c5ba09105fd6b878e4f7df596bf1cd

SHA512
d599b7cc9c2d79490032e81e1d9cdb18c0e736bbaab6961def6f61ef7f12cb06d12f34b389b022d8b3d9b891d9a3764fc2880f258b6996750be1a23ed1514d5b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
63KB

MD5
967d4fb7dd749396ee88b9d9602ada9e

SHA1
f35307902a2c88e731b854556d824368a83127c2

SHA256
d6b5a4e182eedffb344e97f83b6df72fe0bd2923b7f19e7333dc2c5190a70ae2

SHA512
c50b96e63497424e71dec01e20e90c1e93c33c9dd6dedfcc99bce5d631d7577c2c7128aaf665cb91fd2994a231ec85ad169aca3b317115348d31df41cc19fb69

Download Submit
memory/2236-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2236-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing