aa33d00bbc4f9ef8169f9e14c2140ba73e77b5b23f2ff1f41382037daaa49778

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 16:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
Size

173KB
MD5

887f39c73457ce6a96b3c9c9b2c9d230
SHA1

c060b9e71f9c5864e098408f859e142691dfa3d3
SHA256

aa33d00bbc4f9ef8169f9e14c2140ba73e77b5b23f2ff1f41382037daaa49778
SHA512

65afce9282d57d743b521f993771cf6c7601baa998967cb2fbeedb2499d8f666e60965df15c25fe98d3973e34218823f66fd4b2fbcb49af5f9fe6e3e83ab43cc
SSDEEP

3072:+nyiQSo1EZGtKgZGtK/PgtU1wAIuZAIu+:JiQSo1EZGtKgZGtK/CAIuZAIu+

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (470) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2856-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000d000000014698-2.dat	upx
behavioral1/files/0x0002000000010481-6.dat	upx
behavioral1/memory/2856-68-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jni.h.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_shmem.dll.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\jsdbgui.dll.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\jsprofilerui.dll.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\it-IT\WMM2CLIP.dll.mui.tmp	887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\887f39c73457ce6a96b3c9c9b2c9d230_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
173KB

MD5
ab6ff44483725a7b385cebd26d5a897c

SHA1
9a10c0480777af45a5d00d7038e49f42d000926b

SHA256
2e286064889434c629e1c9478bc55d881942d590d81905b2d317bf743ec0d149

SHA512
8bd9e2147f508bd7e5e8eae68c60d32110782603e3e8dda08f66b1e5bf7ae3851234e861fef9592534a9b0d562f91f6ed54e112dd5e97e48e749d1b127a9dba7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
182KB

MD5
3e44052636806376ec14a45817847644

SHA1
7c17c0ae958e2cf4e4c0045f8becaaae836a64fa

SHA256
94529e596d41eaa20e7b8faabf047c9ddf132e9e5e5d42f7a15302f41215fd8d

SHA512
60edcf0b5030086803ada2bef3053673bc5e372d9db8af5be990f72cb69755d3a7d0d50df28f472c7b1a261594adb5af18d214e791aed2f27dd132ee8b3fa419

Download Submit
memory/2856-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2856-68-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads