6a16b02e12b7976c8e185bc90c6f948a72a4fa3afcd43fcc6e856c45b21edce5

General

Target

2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
Size

71KB
MD5

2159117c15db6fc39d50edff42fd4460
SHA1

5d5448fe308a3a55d61ee1d9738e6ad30c1344cc
SHA256

6a16b02e12b7976c8e185bc90c6f948a72a4fa3afcd43fcc6e856c45b21edce5
SHA512

3d09497e315bcb9473fa03e28eae58fbda2a0f5fe651f0317e4e46e2e2ae3e2f005f196124b3f8221c5988d9544e80767b76e324061dd90a3162b2c4b6a7e52a
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8xJJMJJS:+nyiQSog

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3504) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1660-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/1660-656-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jre7\lib\deploy\messages_de.properties.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Palau.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ndjamena.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-text.jar.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\installer.dll.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty.png.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\ehshellLogo.png.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\highDpiImageSwap.js.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings_0.10.200.v20140424-2042.jar.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-execution.xml.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower.png.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_h.png.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\iedvtool.dll.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\gadget.xml.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_settings.png.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\sidebar.exe.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kaliningrad.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\localizedStrings.js.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgRes.dll.mui.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libripple_plugin.dll.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFSigQFormalRep.pdf.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_udp_plugin.dll.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ccme_base.dll.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ko.properties.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.io_8.1.14.v20131031.jar.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.ini.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chicago.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_ja.jar.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Beulah.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Resources.dll.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.ja_5.5.0.165303.jar.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\sound.properties.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\gadget.xml.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\D3DCompiler_47.dll.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Abidjan.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\vlc.mo.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\luac.luac.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_smem_plugin.dll.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp	2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2159117c15db6fc39d50edff42fd4460_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
72KB

MD5
0a56275693dda3b9ca84577a746ae657

SHA1
ddd96f71e676118a89e293b87ae229fb5a0feea1

SHA256
9fd63911523b8b585c2b9488d0aeea90df9aa09fb0e6ce38a720b27ea1261937

SHA512
079aacebfef97b0b65088a091b08c731cae133c90a25940c399fd8893a09eebe66b927a3fff315a3b92def9c69457e3dd703aec9d4187655bd5aef0e440375e4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
81KB

MD5
0449e08d331e44406be1a7166edbdea8

SHA1
9426540bd44e917f0c4b62ccbddad9e5fa9fb7f2

SHA256
cff396e63bda92d7f4cb07a0f8829ad8ef2a693d3c076e28c87d0ede37c42d45

SHA512
1fee04d57f709931a05a04fecac1307dca89c03469200d504138cebc2904ef32cb08b8e46efa9e7c7f96e716543666444f68c01c49f233aa16e34a7f5b4216f2

Download Submit
memory/1660-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1660-656-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing