8e5d5877d745743390e29d2f7059a021be00e66a08e540db4006c1465d9d4a63

General

Target

396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
Size

72KB
MD5

396d3509ede3a9070a0a2a8928f29230
SHA1

3b668ce88c0962d779bed6b344202a6cc7203c00
SHA256

8e5d5877d745743390e29d2f7059a021be00e66a08e540db4006c1465d9d4a63
SHA512

9dbc551461617193d41052ef91e2e1bad195e4e81aaadceb1736d4614d2082e1b6ca124691fb37d8cf49016e1bb386c8da7dc5872b039bb55f762b8b0e3511bf
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8xJJMJJ5Jb1JbO:+nyiQSo0

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3492) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2968-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2968-650-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Krasnoyarsk.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\RSSFeeds.html.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_Off.png.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\management\management.properties.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Sydney.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_http_plugin.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\skins\fonts\FreeSans.ttf.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\clock.html.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multiview.xml.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPDMC.exe.mui.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\fr-FR\gadget.xml.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\info.png.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jli.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belize.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Lisbon.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\shvlzm.exe.mui.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\css\clock.css.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_partly-cloudy.png.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Noronha.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Tell_City.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_zh_CN.jar.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_zh_CN.jar.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.configuration_5.5.0.165303.jar.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\DigSig.api.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multitabs.xml.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\updater.exe.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\flyout.html.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\main.js.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\java-rmi.exe.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\modules\host.luac.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color120.png.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\libvlccore.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm_cmd.xml.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libinflate_plugin.dll.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4ADT.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-spi-quicksearch.xml.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Music.jtp.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\WMPMediaSharing.dll.mui.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPSideShowGadget.exe.mui.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\weather.html.tmp	396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\396d3509ede3a9070a0a2a8928f29230_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
72KB

MD5
771f57ac1dd3f135b23d540e88e7f8dd

SHA1
9417ee916d7e8e39749d117d205999ee608eb71b

SHA256
e9351e334a715b6a135ca55a08d0f177f2c82615e18fe4fe50d444717e340f1d

SHA512
953a52b6a6a3b2a5060952e7774b43e9d9169f3ac16dcbf6c32f0e1b77e25a088591aa9a7fc6c5d69f4595f195556acbad77f02ec8741a40cab7c5187ce43803

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
81KB

MD5
607da5502ebeb4574f3fa4292dc9740e

SHA1
44e96d3e6224019af381617a8c738ff34f5a388d

SHA256
c94c82df6e3053254701537c7591602104f2d95e7c2e9d824926533c2e0a2187

SHA512
e2b878dd89145dd1456ebda88e5fa2f080feec5743cb9162b1d4c6b249105bac0e8ba8085f5154ebf493cfdb90d37912c71a8c10660be629036dac4020b6485f

Download Submit
memory/2968-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2968-650-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing