006d7e4e4104a05f8ac150153dc28e7aa94d4b6bf596aca475471d5e62748b91

Analysis

max time kernel
148s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 16:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
Size

108KB
MD5

95d036fb68d5441fedbc07cb7a158d80
SHA1

44a54f83733cd253ca420da5f00b9bc3951e1507
SHA256

006d7e4e4104a05f8ac150153dc28e7aa94d4b6bf596aca475471d5e62748b91
SHA512

c45c45c361b69c99f07b596d141aab91529218d55c2caba77cc87a0656bdc62d756684ad1d6f50c80db7a8fc1b762186ad0ff6f34680b14f32d57ffcaf1e4f2a
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfOh:hfAIuZAIuYSMjoqtMHfhfe

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3445) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2364-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000c00000001342e-2.dat	upx
behavioral1/files/0x0002000000010679-6.dat	upx
behavioral1/memory/2364-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_zh_CN.jar.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\ja-JP\MsMpRes.dll.mui.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_120.png.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-tools.xml.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\chkrzm.exe.mui.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fakaofo.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Design.Resources.dll.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.jpg.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\vlc.mo.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-options.xml_hidden.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\ucrtbase.dll.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_dot.png.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tehran.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmlaunch.exe.mui.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6CDT.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\charsets.jar.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Ushuaia.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_ja_4.4.0.v20140623020002.jar.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_zh_4.4.0.v20140623020002.jar.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\controllers.js.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Resources.dll.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libedgedetection_plugin.dll.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_shmem.dll.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Edmonton.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-heap-l1-1-0.dll.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-nodes.xml.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\THANKS.txt.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-templates.jar.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
File created	C:\Program Files\MergeEnter.wmv.tmp	95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\95d036fb68d5441fedbc07cb7a158d80_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
108KB

MD5
3da1f94137616a7e3019e0f02dc12ada

SHA1
6b300d1436c1d394812971b2df55e778d8704b62

SHA256
6ca7bceb437086d757d8e2793504a7600cba0b52987492c3bc769fc566a0750a

SHA512
ce6283f07dd8307167090a0d0d510bb76152a9d0c208eb07e616e40fa5ecb4f3243887eb48d738b9874fba949f41a2faf5e965bbcba596dd88c7c3909ccdbb96

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
117KB

MD5
3d0c7985646884b2c358f57c364904d3

SHA1
8592c5b6c6443e24de57d6a849c08e5ff2005f47

SHA256
b34aa3d6b59da18156e466bac70d5de5446477f8c8cabf2948cb5c8524fe8ef6

SHA512
d35c3b036adab803d43eac0f69031fe700e16fbe3a692cc1f861b1cb37b28e75860d84e62f05b8a35d9e109a98eeabf1619206f90fb89847927b72a8d9b38556

Download Submit
memory/2364-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2364-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads