6a42c385897dfba48eed3eebdc1c0a3595290ea344b02c12ebcdfb324e6f523c

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 07:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
Size

134KB
MD5

a0be7c5ea79ccd7e1f3735b89dcb27a0
SHA1

e552cf500f996de529ac9a7a73824fa7709fa583
SHA256

6a42c385897dfba48eed3eebdc1c0a3595290ea344b02c12ebcdfb324e6f523c
SHA512

0103b749f2f88fbcb7747bfafc647fd3a0bfe58c5177b2e625b8995a67c27e737948959dfff95e3ac383bbc06110f042b103d1460b375bf8966b15244f9bccdf
SSDEEP

1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCj:+nymCAIuZAIuYSMjoqtMHfhfC

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3433) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2064-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c000000013417-2.dat	upx
behavioral1/files/0x0002000000010679-6.dat	upx
behavioral1/memory/2064-642-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Juneau.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_ja_4.4.0.v20140623020002.jar.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Engine.resources.dll.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_srt_plugin.dll.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libmarq_plugin.dll.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblend_plugin.dll.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_de.properties.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Engine.resources.dll.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\La_Rioja.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santarem.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClient.resources.dll.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.Design.dll.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-impl.xml.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_ja.jar.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_zh_4.4.0.v20140623020002.jar.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dubai.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\en-US\WinMail.exe.mui.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\wmlaunch.exe.mui.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\instrument.dll.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-uihandler.jar.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\03_lastfm.luac.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-compat.xml_hidden.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\plugin.jar.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Accra.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\MANIFEST.MF.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml.tmp	a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a0be7c5ea79ccd7e1f3735b89dcb27a0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
135KB

MD5
86d5a188f5f08f96247db14b9a096d90

SHA1
515816855f0618908da0397666941187a7f0485a

SHA256
eba82f44f6e40b29b280771c7c7a63ee064b5710c05183aaff97634cb581c39f

SHA512
684285a58a32cfa3683f5dc0c4bdce8af72076393eed954554c19cbdb275ef7430847cbafc992cc05ec1b407a14ad9ffbd1b490c5d0cc4554c02960d8cb06c9d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
143KB

MD5
21afb3e15422bb4db5569b009a6c6ea7

SHA1
2b0cba4fa78f0a6e432f6b2bb291a461d894c98d

SHA256
678578b1062e5292628a8c7f873e1e5643bf7e939f120c43805656f311ab52af

SHA512
82b542e6f2b921d4a64ef18ee5baa6c2b4bbe35d1d7156d207d01a5341084fdabd1284e3c96e89788f65325a185ab4b6fffde31576371bb2f4103cc77e17af82

Download Submit
memory/2064-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2064-642-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads