69f98bfb43458cd47bdedd6b5aa1b79494f6c196c71abbce0c4ff34efdeb7f1b

General

Target

4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
Size

70KB
MD5

4cf76a49efc4f88ff48b23477edb4a80
SHA1

2e7629340f1a434fa896510cfb9f01fc2d8b3484
SHA256

69f98bfb43458cd47bdedd6b5aa1b79494f6c196c71abbce0c4ff34efdeb7f1b
SHA512

b8292f38339bea8ca900ae3d6ddd24b2e11c24073c9ac13a72d0ef021fa619678267ee83f6a076a35eb6eb56287664292bd298d4760be28661f57b5586b3fbc6
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUs18/8T:+nyiQSohsUsOkT

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3455) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2208-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2208-498-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Catamarca.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\fr-FR\MsMpRes.dll.mui.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\keytool.exe.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rankin_Inlet.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.png.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\picturePuzzle.js.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Resolute.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-fallback.jar.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-snaptracer.xml.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\calendar.html.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.p2.ui.overridden_5.5.0.165303.jar.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_partly-cloudy.png.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-output2.jar.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4ADT.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\gadget.xml.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)alertIcon.png.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\sidebar.exe.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jfr\profile.jfc.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Monterrey.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_ja.jar.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\meta-index.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Halifax.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libvod_rtsp_plugin.dll.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color120.jpg.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_s.png.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt_0.12.100.v20140530-1436.jar.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.png.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_up.png.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\Tulip.jpg.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-ui.xml.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-heapdump.xml.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yerevan.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libadpcm_plugin.dll.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp	4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4cf76a49efc4f88ff48b23477edb4a80_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
70KB

MD5
097676c1d4d49469366299eb5b1b0b9b

SHA1
94b3a69e3f1ea728be8db24105e6b88e0e0e06b8

SHA256
ac74042cd9b99dbb109b7f35f13713038499b61bccb648d431ec0f738af018f9

SHA512
29eca34cc284acb7d84562bd4ae173f776ecc2f6b6297164143c6055b4cd07507f5390e9a09f0785e32b2cb43bf628793216d8423951e9192d26d511415f1e16

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
79KB

MD5
2b9157e336d0bdc32804a28142d3c0c8

SHA1
90e033be53b471232db1494117c05f2531fb3bc9

SHA256
03847b0ee0144aa195a4ec751da2abc002117cd830e527fcc325b721783a76a5

SHA512
cf34e810bd47d4ef02779ec5867880f27c05b890981a6500747afd0da7521ab6a3d24b7d66d2685dd024dc63a468b4cd810fbe5c962648dfcb73736c310bcd7c

Download Submit
memory/2208-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2208-498-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing