444b83f2f61bfdcfad386fc51deb81a7c73999cf18a56bbd734b108d77267fa6

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 02:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
Size

125KB
MD5

479090fb4448769293cdfcd1bffe1390
SHA1

ea03bd9e3fb399102e4237cff563cf81bc813341
SHA256

444b83f2f61bfdcfad386fc51deb81a7c73999cf18a56bbd734b108d77267fa6
SHA512

4edb312c5f3c0dcc3bc07723d95656c44f7b017758473e8f4c92be6652d17237df4c946eb6a4c4e502794fb0d4dc347575c825c13d241729b63549ee25964fe0
SSDEEP

1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCg:+nymCAIuZAIuYSMjoqtMHfhfV

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3459) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2240-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000a000000012280-2.dat	upx
behavioral1/files/0x00020000000106a2-6.dat	upx
behavioral1/memory/2240-658-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libsubsdelay_plugin.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_zh_CN.jar.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\JdbcOdbc.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Xml.Linq.Resources.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Utilities.v3.5.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MpEvMsg.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-io.jar.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl.png.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.zh_CN_5.5.0.165303.jar.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-visual.xml.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\it-IT\JNTFiltr.dll.mui.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Bougainville.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemuxdump_plugin.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\liblogo_plugin.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\en-US\JNTFiltr.dll.mui.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\it-IT\WinMail.exe.mui.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\ja-JP\wordpad.exe.mui.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\MSTTSLoc.dll.mui.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yakutsk.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+7.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_left.png.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\gadget.xml.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Taipei.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler.xml.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Edmonton.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\calendar.css.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\timeZones.js.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\localizedStrings.js.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\US_export_policy.jar.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\settings.css.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\10.png.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_up.png.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JAWTAccessBridge-64.dll.tmp	479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\479090fb4448769293cdfcd1bffe1390_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
125KB

MD5
89d4936c47d936066769e5017f863585

SHA1
e37e4f9a1dab24a3a3cfac9aa7d9b1e688f8dcda

SHA256
7564e7d04972906e2169d3a08d14726db7252a83421b0b55bf0d6db83696f294

SHA512
eaa41b14a17e2d93fbf1b91a9a0d3145351c83ddf7ce2b24318a6030c608d807a2cf8e9c21c9132bd0b5a72f0d567565acab85ea643af7e00cad3911cd7c1a86

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
134KB

MD5
668dc2fa0bd1ad95f15d37c046fe5b02

SHA1
869cce5196cd5dca5d4435172271ee1f47baed76

SHA256
b8693f0dc10b2ab4a6642c98e3a84d59e8d000ffdf6654753213efb15d5c7ab6

SHA512
e7070e5f2e41578e0f40daed415090310334f9fcbf15a6c4246c67b3fce4c7619d11b780b4ba254df6b29f7de4288d64a794a6e812f3b494df984bba71c19bea

Download Submit
memory/2240-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2240-658-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads