3eec9f7debcddd4da5c5cc3543bc62cbdd055a13874605e8fcaf4e773e8ac269

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 12:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
Size

312KB
MD5

3636963d46445f023ca24c6bec628120
SHA1

f9c7c57c70dc6dc0323d1f3a519696ffcf394644
SHA256

3eec9f7debcddd4da5c5cc3543bc62cbdd055a13874605e8fcaf4e773e8ac269
SHA512

b8a107556f5d99ebb41b2b895f3ec549ffd346852c083b34e1ae09b527cf3af8bd95b1a43f01d2abc2c51e03e259a8f49aaa7484133a322eb9d91d3373b54c1e
SSDEEP

6144:JiQSo1EZGtKgZGtK/CAIuZAIuBQSo1EZGtKgZGtK/CAIuZAIu1:AQtyZGtKgZGtK/CAIuZAIuBQtyZGtKgQ

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (2802) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/348-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000d000000012331-2.dat	upx
behavioral1/files/0x00020000000106dd-6.dat	upx
behavioral1/memory/348-396-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_zh_CN.jar.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core_0.10.100.v20140424-2042.jar.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Havana.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtau.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.inject_1.0.0.v20091030.jar.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\access-bridge-64.jar.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jdwp.dll.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\mc.jar.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.exe.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\COPYRIGHT.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack.dll.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Choibalsan.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bishkek.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_ja_4.4.0.v20140623020002.jar.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_ja.jar.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Moncton.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.ja_5.5.0.165303.jar.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_ja_4.4.0.v20140623020002.jar.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_ja.jar.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-progress-ui.xml.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-output2.xml_hidden.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\javaws.policy.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp	3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3636963d46445f023ca24c6bec628120_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
313KB

MD5
6a9627395af2e9351ab4b832b5eb59b0

SHA1
7c3f295cf5fdebae5f8d3d945da3b5b9bb783c45

SHA256
7550a2d73f0029eece8ec84620353855154968b59d8406a53ba30f2aa12febfd

SHA512
f2294004e5ee0a38471ce2a5fb4111fd481ff8e84bbbe34a8aa368ef1aa1b24121e9fdeef9819c38b08e5f38fbd2dc98d8d94fe4e12c7127fe60a00b6f80c834

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
322KB

MD5
74eb5ce0932802a039242766c39a1af7

SHA1
fc1ce9aaaa5c0ac95393cebea506b600b4dcab95

SHA256
5d7443311d028b4ed41fce57168460376b17b3fb602c6acf5b90417813ba6c88

SHA512
89323eb3be5987912e80d8b2294f363ea2514a9250f4236d8cc612abda5d1fa7fea44f2b8e61dbb9b144986940513b137616a7e401f7d0c9b9525ff0b7edf529

Download Submit
memory/348-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/348-396-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads