8183873208f19db3fca967c34c15e8077765c5e06c2a2363b88d651433b7624d

General

Target

5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
Size

63KB
MD5

5903c827a48915f379bcc4baccc02b20
SHA1

27f5b2420398daa03c3be21ce26f9fc0f87ba514
SHA256

8183873208f19db3fca967c34c15e8077765c5e06c2a2363b88d651433b7624d
SHA512

c6f55cc5a10a2690dc7e83f22547b5434992b7e6e14e4c8c65b8149697e5047e97b00a5860cb1dd414f96a28d3689ed4eda17bf23a71f4a24f3c58c17d53d329
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8i:fnyiQSox

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3452) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2292-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2292-644-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_ja.jar.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_ja.jar.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\picturePuzzle.js.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\bg_sidebar.png.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\NBMapTIP.dll.mui.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\calendar.html.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.DataSetExtensions.Resources.dll.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\jsdebuggeride.dll.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui_5.5.0.165303.jar.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\IA2Marshal.dll.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.resources.dll.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\settings.html.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Copenhagen.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.properties.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rio_Branco.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Resolute.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tl\LC_MESSAGES\vlc.mo.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\8.png.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dubai.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\en-US\MpAsDesc.dll.mui.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.bmp.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kcms.dll.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckg.dll.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tongatapu.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.security_8.1.14.v20131031.jar.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsftp_plugin.dll.tmp	5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5903c827a48915f379bcc4baccc02b20_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2292

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp
Filesize
64KB

MD5
77e63ae580a92838307d4ec8992e86fe

SHA1
601ecd346a798a79222e030c5ff38a3fc913672a

SHA256
50fa213d85afcdb11c3acc728f9a30b2a0ab7226728597f98dddbf91a293ed2e

SHA512
99e70eaf7d38c3ba4efb7bafd37a7bb4a17072a3092415bb84eb551c74684d573901f8cd200fadd11cbf224f1e0b634e68ebb3d6b57eed04897be5fa1ec7c84f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
72KB

MD5
b76efa8c33efe2b5ae8d72c25b21221c

SHA1
7d176eea5532debbfa08f9f96a739a922470b97a

SHA256
2fd4e8b666a1c6b0ed6cbadb1c37d18c49cfe781cdd436a1617842bc5f3c7634

SHA512
06c92fd00d2b1f522a6326960010e1383b9d6eb532c2b6c2ae4eec75261e26be2dda9cd2025bebe82b8ea45cebab06663e0cad56e80a40635c87b3d2a9a4b5be

Download Submit
memory/2292-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2292-644-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing