af14488d2037efb2dcbb69bbdea90e08c9d23bdb84e60023794a08b612e70b72

General

Target

1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
Size

61KB
MD5

1e50155393d82c96bce75edf846b5010
SHA1

55e164c517256fa487813dfb420128eb063ec2d3
SHA256

af14488d2037efb2dcbb69bbdea90e08c9d23bdb84e60023794a08b612e70b72
SHA512

e1520924e25f496d040b46a1f8bace6670c2dace49b581dc16ba374d7d560f673cd3e28780052439f9df8be8eeb4e580afd8f4a4b6e74473142c06e83da1e1e4
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZ1nKs6nKsD:+nyikUb

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3736) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2868-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2868-652-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jre7\lib\jfr.jar.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.CGM.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\npvlc.dll.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_block_plugin.dll.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\gadget.xml.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_ja.jar.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-output2.jar.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_bezel.png.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\5.png.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\gadget.xml.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)alertIcon.png.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libhqdn3d_plugin.dll.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.properties.src.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\hxdsui.dll.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-spi-quicksearch.xml.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\VERSION.txt.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\fr-FR\msoeres.dll.mui.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-lib-uihandler.xml.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\favicon.ico.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgzm.exe.mui.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Xml.Linq.Resources.dll.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmono_plugin.dll.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\PDIALOG.exe.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Shorthand.jtp.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_win7.css.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Almaty.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Search.api.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-views.xml.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\javaws.jar.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Athens.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\vlc.mo.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\WMPDMCCore.dll.mui.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_zh_CN.jar.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\flyout.css.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\ContentDirectory.xml.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\main.js.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.css.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libdeinterlace_plugin.dll.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\localizedStrings.js.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Honolulu.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.tmp	1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1e50155393d82c96bce75edf846b5010_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2868

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp
Filesize
61KB

MD5
850b919ce207446994af8cb096f639fa

SHA1
a0e20521adef62282331d4aa3947fae013045680

SHA256
dfb628fb90f389811969bbf91d3067ec0a851340104c6a6f136b506869c52dab

SHA512
f3653e8354cf4a75b167b8491c04d1d340b0a37703d8a1e7eba43bf3c329a9d1c79e53caaa22f0840136eab6b7e35936b5057931bfc348f60ad9b724e95ff163

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
70KB

MD5
c3167455ad5b7da47b97a428e8f4b356

SHA1
ff42c8da2694a48ca280b8339d4c483c8ca8244a

SHA256
a8b3aea6e04f10f8d7e06221cab4d1f8448d619983f7671ffa76fbf070939654

SHA512
e77ac531d8c9b1c01c8de40d6abbd769f4b19f8d57e931206a6582e79792150d73d0472f48ff2d8380239330cb1180bcb14bec3fd57ee3f1da2c7e6ce6656d4c

Download Submit
memory/2868-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2868-652-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing