0c6c5d4ed212a5354796c66458cbca0911c19227b9420a481232e4dcecd59f42

Analysis

max time kernel
124s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 22:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
Size

106KB
MD5

14ff802736bdc97ab0e637e39f0f3740
SHA1

f46034b6c22e359d41a408b45163adaf9bf4f070
SHA256

0c6c5d4ed212a5354796c66458cbca0911c19227b9420a481232e4dcecd59f42
SHA512

38566a84fcc309b4d8b2a6ee3deaaee5e012b09772ec3fe58d5b00852daf2ce130be6ca9c01f860ea3b479b55509b7f245ac074d68c9746d59ccd0a9abb1691b
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hf1:hfAIuZAIuYSMjoqtMHfhf1

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (2980) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2276-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000d00000001232c-2.dat	upx
behavioral1/files/0x0002000000010674-6.dat	upx
behavioral1/memory/2276-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-utilities.xml.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Printing.resources.dll.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\charsets.jar.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Design.Resources.dll.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+7.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_ja.jar.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Denver.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.exe.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-templates.jar.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_ja.jar.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\splash.gif.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.dll.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-output2.xml.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4ADT.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.ja_5.5.0.165303.jar.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\javacpl.exe.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-1.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3_0.12.0.v20140227-2118.jar.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-coredump.jar.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Chagos.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui_5.5.0.165303.jar.tmp	14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\14ff802736bdc97ab0e637e39f0f3740_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
106KB

MD5
067d7714e87e18bda2a814029fbf9a3b

SHA1
f2b51c25e062505fe63d4686f5a2fe5ae905459c

SHA256
3b0a7a700659e69d3074d522701b57d29c854947ef46b4f6de13e81f339f10db

SHA512
25c081562381ea5d465ba7d881b7d1656d094f5c06ebaa8deaf66609d4049edf4f492619f6f2e91a318cb71e4f846af70b4ea8b6d12b5426f0054a231b3f150d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
115KB

MD5
dc3e9f82827480b35c1ecf62b3001079

SHA1
39f8ebff51f9c50fe035d887909a2d343c5bf2a4

SHA256
0fee82c30f02b636176dcd13c0ca3821aa91cea3bc98e3dff6fc753d980b6986

SHA512
b33d72eb7871cc148779535a45c0948ecfb80f75010963d09466805e86925c79c53847e14e05b16545e9050035fded7b5e60073f22bd24d558990ffd0b37fcec

Download Submit
memory/2276-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2276-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads