69314876d09887ad6b6a2612fe21f0f11d9a9381331ab62f7f8b444cc133e8a2

General

Target

926540966292571282bedbe21df70780_NeikiAnalytics.exe
Size

82KB
MD5

926540966292571282bedbe21df70780
SHA1

c44c699ae33fc7e7d386a7d291d8dba4ca309580
SHA256

69314876d09887ad6b6a2612fe21f0f11d9a9381331ab62f7f8b444cc133e8a2
SHA512

9ce2e6d73e50e8b9440fe3987d0e3d670d7d4e53a39f4dc1ce85cffc794cb6fe06479e6320c8652c1e64d03a0653eb1d40caa3b1b111054f371048f791b69d58
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsJOJ:fnyiQSohsUsU

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3455) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2172-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2172-590-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

926540966292571282bedbe21df70780_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\TraceStart.docx.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_concat_plugin.dll.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\wmlaunch.exe.mui.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vevay.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\gadget.xml.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.png.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\gadget.xml.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\weather.js.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\South_Georgia.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.ja_5.5.0.165303.jar.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\orb.idl.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Magadan.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_hov.png.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\js\calendar.js.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Memo.jtp.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_fr.properties.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cuiaba.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Kerguelen.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.annotation_1.2.0.v201401042248.jar.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_ja.jar.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_h.png.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_zh_CN.jar.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\logging.properties.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvnc_plugin.dll.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\Chkr.dll.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\Journal.exe.mui.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\currency.css.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\init.js.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-outline.xml.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_zh_CN.jar.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.xml.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar.tmp	926540966292571282bedbe21df70780_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\926540966292571282bedbe21df70780_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\926540966292571282bedbe21df70780_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2172

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp
Filesize
83KB

MD5
10f0588732d89f7a753a9738aababf90

SHA1
f2568d06346ac80a47ce63d6e3708f2c2f9b45e0

SHA256
38879148d387d3c482b3ed5f6d2cebe7421d6e8c74bdab9ae41b69d05f5a6150

SHA512
1cf5f67850087410899ef74660c322c55085b968fc2b1399565417b350580c0dba217ec66ff2ad51c4bb975914e49c809af22f031a81f7ee71b9eadd356e822d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
91KB

MD5
d32f6e4e26b98a03c0a6d789c03bdaba

SHA1
3c7d7f840c2e662a0f178ff29ae7519059d49aef

SHA256
842d4339a3dd9924d59b3696f10c4f4255ba08c7c50d9c1140eae8b0ca9744ce

SHA512
c7b21d905fec8463266a1681cb493d8d9eccb1328c6c48e42131642adab72ca208fcc8f6616fb8c5afede3fcc181c4e425f06cb8b0bafd16a46f02004de59188

Download Submit
memory/2172-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2172-590-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing