73c60b2153ef7a34ca7746554dc4654dd5b034bc79da5d442f34dba768ef7918

Analysis

max time kernel
142s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 04:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
Size

101KB
MD5

75c461c8317f6f078ebb9bc5aa4eeab0
SHA1

3e8b7dd5dfed764e2a82ae6a906b7f6c2514cf7b
SHA256

73c60b2153ef7a34ca7746554dc4654dd5b034bc79da5d442f34dba768ef7918
SHA512

03c639a12a15530b5a10ea8c3257e13566457ceb0c13eeb0a48b90c52906dd28ec20515edcdab5dc73c40bfb608651f3542f5aba49ca4d5d6a110841af581abf
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfp:hfAIuZAIuYSMjoqtMHfhfp

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3442) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2352-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b000000014b31-2.dat	upx
behavioral1/files/0x001c000000010439-6.dat	upx
behavioral1/memory/2352-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_ja.jar.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiling.xml.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guam.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationCore.resources.dll.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\ContentDirectory.xml.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jsoundds.dll.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\vlc.mo.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmft_plugin.dll.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_ja.jar.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-visual.jar.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\en-US\Chess.exe.mui.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\DiagnosticsTap.dll.mui.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libt140_plugin.dll.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dts_plugin.dll.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\MANIFEST.MF.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationProvider.resources.dll.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsFormsIntegration.dll.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cambridge_Bay.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_zh_4.4.0.v20140623020002.jar.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\it-IT\PurblePlace.exe.mui.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Denver.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.xml.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\libconsole_logger_plugin.dll.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.png.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterRegular.ttf.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.lnk.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\postSigningData.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libchorus_flanger_plugin.dll.tmp	75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\75c461c8317f6f078ebb9bc5aa4eeab0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
102KB

MD5
722a8f35cd93230a7db861973ab575ce

SHA1
0052d7beadfe9f826322d78727abed4ef17d370d

SHA256
1f15817b6b05b5d67a5bef343ed20f4cf497dc14a25ceb75137bbdb2c302e16a

SHA512
5acee67c0bd358369cd128a8f17b71427eb376900b61a1a04592197c700683ff0bf4c568179060e32f43caff786afce10e7b96d63ee7c7613d1c981a76ff170d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
111KB

MD5
e462cb404813e2e023e5d4bc82b153ea

SHA1
c815a1d1603211b1c930dd831a893c5b5b7affdb

SHA256
d2e6bc8613a5e07d09aef617437b2b6e52a02a5c45f88b138d99eb161be31e60

SHA512
85cf069c541eae669825078dd2718bd6eccf2936c23fbb08bfc4948ae181fd8e06056f60b893a028f6000bce8c47ee694c0dfd280891a9379f1f7cd0aea1a9be

Download Submit
memory/2352-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2352-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads