563cf8b4f74d8e3cf833ef86a537d6a86bbdf842082f48b1a0c0b3d663e3b82c

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 20:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
Size

142KB
MD5

ed9a601bd0b13f66c2e61c05b53ddba0
SHA1

3d75fff0d4891d1c0b8209299563f904ee6a880c
SHA256

563cf8b4f74d8e3cf833ef86a537d6a86bbdf842082f48b1a0c0b3d663e3b82c
SHA512

ea6c9c9c4ef715545479ee205d0724baf73a9c582298b22cca8e6edac5e0a662525bba5a69265ea7f3c2ced60a24beac6549a5dbeece7a91f7dd84f80952e746
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q1pkMJ+ZGtK1+ZGtKQNMdTajOtGtU1wAIuZAIuJb:KQSo1EZGtKgZGtK/PgtU1wAIuZAIuh

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3373) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1340-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b0000000122ee-2.dat	upx
behavioral1/files/0x000200000001048e-6.dat	upx
behavioral1/memory/1340-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.smil_1.0.0.v200806040011.jar.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\javafx.properties.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Catamarca.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Ushuaia.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.jasper.glassfish_2.2.2.v201205150955.jar.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\sunmscapi.dll.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_zh_CN.jar.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_zh_CN.jar.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\rockbox_fm_presets.luac.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_zh_CN.jar.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_imem_plugin.dll.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libtta_plugin.dll.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Maceio.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\South_Georgia.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\README.TXT.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\Welcome.html.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\lgpllibs.dll.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_ja_4.4.0.v20140623020002.jar.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\vlc.mo.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\en-US\Solitaire.exe.mui.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Audio-48.png.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\libxslt.dll.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\axvlc.dll.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Porto_Velho.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-impl.xml.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-attach.xml.tmp	ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ed9a601bd0b13f66c2e61c05b53ddba0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
142KB

MD5
7132edc4edbc6b2f02c98077f7e9c97e

SHA1
66fad7d6d738b750bf8ccf25262c5f14df54512f

SHA256
beb873fea974009b1fc8bc9c49b02a5824e293764823e24d6ea27f9a8a55391b

SHA512
c3b94df97e0bd03baba74776554f4485a3ef0384f45daa62a9c4404c99e93d8d83e1b0c33c23e9d92b897b13b3f1ca256011a4b5cb0062fc133d2786085a0bf0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
151KB

MD5
a1bcdac844e68ab013d0e55db49978e0

SHA1
98a480defc700424b2b3df52a1d887bc00eee6da

SHA256
86f193975e0dbe2453d5edb00a8c1d3bf5da9ecd0142831fc79d7ab135cb4d0a

SHA512
2f860a196a44c4aaf99e1109840ba3111dc3395ae7d99307899b5952aa293d3abd104af16b31046b5dfbe977e20ca386f1eb874e5c838a1e91bcaefb75689544

Download Submit
memory/1340-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1340-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads