78e2b9d6cb2d87305409bacaf361df6d25108331d8e75a952cd9c3eca67a4768

General

Target

3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
Size

53KB
MD5

3a7908a27f70ac1d6a3503a024d648e0
SHA1

f633df7a4729a3871f94c0b52b4c6254346e981a
SHA256

78e2b9d6cb2d87305409bacaf361df6d25108331d8e75a952cd9c3eca67a4768
SHA512

d8ac942b7d954cfad260eb024a3508cbc6e84b3862169d9cd6cd66ef396c981a0052371737db0f695d60081e8ccc7ac1a77b2ef87da83732f0e066f8644deebd
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8yiuaa1aaZ:KQSo1aa1aaZ

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3460) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1992-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/1992-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jfxrt.jar.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.lnk.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_disabled.png.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_windy.png.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\awt.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Music.jtp.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.css.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JdbcOdbc.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_left.png.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\RSSFeeds.css.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\20.png.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.pb_2.3.5.v201404071733.jar.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Halifax.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Selectors.Resources.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\youtube.luac.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.configuration_5.5.0.165303.jar.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemuxdump_plugin.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmpnssci.dll.mui.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\currency.js.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Barbados.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\jsprofilerui.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_ja_4.4.0.v20140623020002.jar.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsftp_plugin.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdmo_plugin.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\RSSFeeds.html.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.zh_CN_5.5.0.165303.jar.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_zh_4.4.0.v20140623020002.jar.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-visual.jar.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single.png.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Maputo.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dili.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libcompressor_plugin.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawaud_plugin.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\fr-FR\PhotoAcq.dll.mui.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\ReachFramework.resources.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.RunTime.Serialization.Resources.dll.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\setup_wm.exe.mui.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\settings.css.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui_5.5.0.165303.jar.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_ja_4.4.0.v20140623020002.jar.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-uihandler.xml_hidden.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yerevan.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\skins\fonts\FreeSansBold.ttf.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr.tmp	3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3a7908a27f70ac1d6a3503a024d648e0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1992

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp
Filesize
54KB

MD5
94513ed483d0d1cdadb30a2c0672c36f

SHA1
a63bce853c078f67dd0b474c4f252f2ea71945f9

SHA256
7d80130ca66ffd8d4c5f654db25d909a2732bc04e6f735817d951e9f4ca17381

SHA512
a5ad9f430fb755119599df615b449c0739a882e4d7da0b78874b44ae7fcd0d806226cc771724e09a6feebcf58fe7aa4f4abb7e6f6929799f86d3a2ddddb56b01

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
63KB

MD5
44dc2a6983ceec23f4998762bfb9b092

SHA1
e3d383356c8b18aa5e3107e59025c6289c902458

SHA256
a19a6eb23197eed6ac60863d4615fabc1f485ddd996fd3cfc80e36c5e4ccb857

SHA512
a087245c421a8d3d3efbe89e63899026a81bcfe6069b549b4901ac35415d24789686a433716316ac95dc4658e8cd8da22f48cdefa8bf56b66686dbc63618685a

Download Submit
memory/1992-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1992-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing