f423e88c6e3899162ea01e2e87234e6087ff97c055475eefb1e3e02a44891c11

General

Target

3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
Size

217KB
MD5

3dd8ff79c363ef4e46336a51dca58ab0
SHA1

402d5572d92e071ea1757e7dce59ac1d9c36ae95
SHA256

f423e88c6e3899162ea01e2e87234e6087ff97c055475eefb1e3e02a44891c11
SHA512

dcc57449dde56eae0a10802f9962b2203520fd70a9a4d5e2c3f898b8e5068b2fa55994888b7e55b8741c605e9c526a7d7b6210e2e4decda314acb5785062dbc0
SSDEEP

3072:+nymCAIuZAIuYSMjoqtMHfhfFfAIuZAIuYSMjoqtMHfhf1:JmCAIuZAIuDMVtM/XfAIuZAIuDMVtM/r

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (2887) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1752-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/1752-410-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_ja.jar.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yerevan.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckg.dll.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Magadan.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jawt.dll.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\PopRestore.ps1xml.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Ushuaia.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationBuildTasks.resources.dll.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\ktab.exe.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationFramework.resources.dll.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sao_Paulo.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST5EDT.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240389.profile.gz.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-ui.xml.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+8.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belize.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Midway.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cayenne.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\shvlzm.exe.mui.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\StepUnlock.asp.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\vlc.mo.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.xml.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.zh_CN_5.5.0.165303.jar.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santarem.tmp	3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3dd8ff79c363ef4e46336a51dca58ab0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1752

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp
Filesize
217KB

MD5
1cd0592d6ddc2d121d6b30b6ecd21d4c

SHA1
0c3daa20c1edd0d67302aa44caacef8173bcfa9d

SHA256
82714af85ca5970469608f7969770bb1ca280a0b5a7459e1a984f6c798f2f240

SHA512
f166c0e1341b72816e1d42c88f55e24b2b1f266434ece44c12c6d967d779523cf744f951a63c4ecea7a270d90663d5f366ff84e073f5760531762fd8e75328cc

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
226KB

MD5
a38f2f8907dd901d8d4ac6ce08858dae

SHA1
a8bee18d620260a7f157679e76263e8475d0ddb1

SHA256
a038937afe49e1b0f65089a38aa8c42a47bb7fb7dcdb4bf75f80709df2d0c169

SHA512
88bb0c0b6c48548a22e0017d8ba71199e185590ab5e25704acc940ef8a3c184271fe9ccc614acbf8c0aa4e0c8abc9c736ef7d220cfe156e46840c46298d4cae9

Download Submit
memory/1752-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1752-410-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing