7ad48235269337c4d49325ecc0a46c4a405383051265d645057ca3491bc1d698

General

Target

95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
Size

66KB
MD5

95b729b2a787641a34ad6d5f576202f0
SHA1

20f22177e64fd3956cdd055935b25b2e2dd87b8f
SHA256

7ad48235269337c4d49325ecc0a46c4a405383051265d645057ca3491bc1d698
SHA512

c55a3cdecfd49bd27a3baa305ee269ff61eb02990cccda858b7b8cf727735e8cec64e001780b04c07e6259649f1cd6a12ae6027a92ce47c239e96647dff0d79d
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZISWh7SWhp:+nyi/SWh7SWhp

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3684) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1736-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/1736-650-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\core_visualvm.jar.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_h.png.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\bg_sidebar.png.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Ushuaia.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\currency.css.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\gadget.xml.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\flyout.css.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\slideShow.html.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-queries.xml.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgzm.exe.mui.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\background.png.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\DumontDUrville.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-docked.png.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\css\weather.css.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\vlc.mo.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application.xml.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\BHOINTL.DLL.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ts_plugin.dll.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\mpvis.dll.mui.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Reykjavik.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler.xml.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-hot.png.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\end_review.gif.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark.css.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-loaders.xml.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_dummy_plugin.dll.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libposterize_plugin.dll.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\info.png.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\InitializeEnter.clr.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\nssckbi.dll.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_ja_4.4.0.v20140623020002.jar.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Resources.dll.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\JP2KLib.dll.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.SYX.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe Root Certificate.cer.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\accessibility.properties.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Brussels.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Design.Resources.dll.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_few-showers.png.tmp	95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\95b729b2a787641a34ad6d5f576202f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1736

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp
Filesize
66KB

MD5
a26032792c87c86a8e245925930bf582

SHA1
e4ccce2b1df43102eb918835185174fa69d6d79e

SHA256
f44a3b8d128e99408a979663348502cae7a367c9d9b67023085430a9093ab894

SHA512
9cf99156c84e5d11f143ea57d017a660fb16934c3ade20d4c5805990b02998b994ee67f7d5f78aafa209af611fcd16f9d537a065859ce69ded24b37f290be59d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
75KB

MD5
25e477f8506bcd6371d75de9e77759a3

SHA1
335ee31098ff1278918dc3419e0f286adf988a46

SHA256
939c91323b6d646e8d1966db22607a24bf736828e2078e737145fb66d859ab55

SHA512
e82ba2c7e52d345ff3035d9e0aac3bc4b69c3b065594d6bc476e2bf9a2fb3f5538bb7d7f663c584940fce55766a948e03fdb43a85cab92ce41216ccc67f9b091

Download Submit
memory/1736-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1736-650-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing