05cd9086acfa020f504d1e5bb74a5923995ebdc346fd5e45f05455c5d2ca248e

General

Target

942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
Size

81KB
MD5

942da28a926a40c27d6e6772bb7bd010
SHA1

d98a0cd03d8adf1ec12af937baa3fe24a65693a2
SHA256

05cd9086acfa020f504d1e5bb74a5923995ebdc346fd5e45f05455c5d2ca248e
SHA512

dea05c6dde84950ebe2355e3807a4b53f2eb3cdbce1cf8e5e51931d94258f0303bc8a1098175004eaba62395f60538747ba53fe3dab2c890b4f6553639a5d322
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsJOw:fnyiQSohsUsZ

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3491) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1992-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/1992-652-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\es-ES\MpEvMsg.dll.mui.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\clock.html.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_over.png.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationCore.resources.dll.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libscreen_plugin.dll.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPDMCCore.dll.mui.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPDMCCore.dll.mui.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\common.luac.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\flyout.html.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\mc.jar.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tbilisi.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Adelaide.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.DataSetExtensions.Resources.dll.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Syowa.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\COPYRIGHT.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\es-ES\Hearts.exe.mui.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new_partly-cloudy.png.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Thunder_Bay.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baku.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\cmm\GRAY.pf.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Almaty.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-private-l1-1-0.dll.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.identity_3.4.0.v20140827-1444.jar.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms_3.6.100.v20140422-1825.jar.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotiondetect_plugin.dll.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\settings.js.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationProvider.resources.dll.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hebron.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-1.dll.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPMediaSharing.dll.mui.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\en-US\gadget.xml.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador.tmp	942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\942da28a926a40c27d6e6772bb7bd010_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1992

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp
Filesize
81KB

MD5
93f34241bb75fd3195040244b445bf49

SHA1
6463acf0a6b9afeed91b3d6740407ad125f7a981

SHA256
f1c1cf3f2c291c289ec31bdb68588a7e0bd5fd6f62dc9ecf541c9065fac8a850

SHA512
321292f85ab0e7a4cf236d06616ab47c653ae2b4f0ee6ab82bedc71bb3e1068128529922606a091b0de6ca66ba76b145a3e9b8c6b8b989c71aec51112c6ee9de

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
90KB

MD5
dacf9b2919acf15a64b54ccf7c26c191

SHA1
716211be893e9cba88ec5b37cb4971e407a60103

SHA256
5110c97173e67b5a39b4bea70a0cf561de9c1069df7d89a938d1edbcb4571275

SHA512
6b033ae892d5838384d265dad43abce2964785585f3902c0fd172db6fe5f3561897308b11e2616f2fe6546a9ec7ec0d1e7be052e43b44ea37c23aced4ddd565c

Download Submit
memory/1992-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1992-652-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing