40420ee419c251c03090fcf46c36ea712a6a62fdd978c406bb14a05fd47d22b7

General

Target

6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
Size

103KB
MD5

6ee8ccf365a4ef8fd29889f2fe1d5950
SHA1

081e6a075f5980c2da1e607c65dbacb9c44b42bc
SHA256

40420ee419c251c03090fcf46c36ea712a6a62fdd978c406bb14a05fd47d22b7
SHA512

7e4a2b378ae52ac75d3d4a7ba3cc573df4c0fdd5bd6aa50a0d9bfba19b0d88ab7334c0cadd6fb3152e651a38ab5669bd5a8901a966b8d9eaa5087a46c3586019
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfOA2:hfAIuZAIuYSMjoqtMHfhfOAkfAkN

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3437) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2408-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2408-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\DVD Maker\OmdProject.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\orbd.exe.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\cmm\sRGB.pf.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Chita.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-9.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\locale.ini.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Madrid.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.ServiceModel.Resources.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.ini.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-lib-uihandler.xml.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring.xml.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\fr-FR\Hearts.exe.mui.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Shorthand.jtp.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\server\jvm.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\vlc.mo.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Cairo.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_ja_4.4.0.v20140623020002.jar.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\desktop.ini.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\toc.xml.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\axvlc.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\librss_plugin.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPDMCCore.dll.mui.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\mpvis.dll.mui.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\classlist.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Copenhagen.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Monticello.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Design.Resources.dll.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_zh_4.4.0.v20140623020002.jar.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar.tmp	6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6ee8ccf365a4ef8fd29889f2fe1d5950_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2408

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp
Filesize
104KB

MD5
e610ac369648b84f52c6e0dd6aa02517

SHA1
531655e461375909427c3bbbb82709ced2f7e3a3

SHA256
27ba7d178a093f3bdc341215c9b5659ea2a088617b05339878289109b638aee2

SHA512
be4d419ec8356c386c59b90032d340bbcbafc9a4f5eddf442735bd99ee3fdb78f7cb084e1b8bf3e629aa017d5680adf63686dc21d7457c6366b3f74d4a901bac

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
112KB

MD5
97f82300b78bd842daef61e7a508942f

SHA1
24053941a1d36c697a15fb45b24f12028e76dc0b

SHA256
014bae3105043270a6f0a0aecbf73d4dabe280c4631a1b092a8a1b7459b262cd

SHA512
e75555dfc5ea35d71ade83d0e30602477f59ed78a0b1b7ba6b8d306c36152ca713bef5de22e7dfbe6397bc8b0e702a4afc4534bdff511537a4a28abf7aca8683

Download Submit
memory/2408-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2408-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing