cfb158f9b34e630679bf6fe38b08cd6e038949cda29153813760336b83e570f5

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 10:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
Size

101KB
MD5

c4623934a5dd04018e8b047fce82e300
SHA1

cf84ce3efd3dd6abb3cfcb67bb7a5a18ff6fa4da
SHA256

cfb158f9b34e630679bf6fe38b08cd6e038949cda29153813760336b83e570f5
SHA512

df53b985a29ece685c0ff22effd8f77974a3a771f81da7b2bd8b20527d9b774017a3dfac0f5e5210d7dd2d0f0a4ac00d25a60c8f776953b80433d8130e170301
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfKZY:hfAIuZAIuYSMjoqtMHfhfb5f

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3454) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1760-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000c0000000122ee-2.dat	upx
behavioral1/files/0x000200000001048e-6.dat	upx
behavioral1/memory/1760-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_ja.jar.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_zh_4.4.0.v20140623020002.jar.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-spi-actions.jar.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\calendar.css.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Menominee.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\t2k.dll.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\org.eclipse.rcp_root_4.4.0.v20141007-2301.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\extensions\VLSub.luac.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\mpvis.dll.mui.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmpgv_plugin.dll.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Asuncion.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_ja.jar.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiling.xml.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Noumea.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jni.h.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-services.xml.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\rockbox_fm_presets.luac.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradient_plugin.dll.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceAmharic.txt.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Sydney.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_zh_4.4.0.v20140623020002.jar.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\Hearts.exe.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\vlc.mo.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\Timeline.cpu.xml.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvm.xml.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libudp_plugin.dll.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Chita.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libexport_plugin.dll.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\de-DE\MsMpRes.dll.mui.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_120.png.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.util_8.1.14.v20131031.jar.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c4623934a5dd04018e8b047fce82e300_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
101KB

MD5
386702977ce795c8fd4be9c64d466228

SHA1
ca20196b86c811c393950dffd2d514938a16f66e

SHA256
cfd2c81ef7cc74e0df2b6ff367df90811b9675e6e4a7c11789976433c70ecaf5

SHA512
34058ca0a8ee1672dbcd93b2a02f60ae2fa9b5b603ff442b75ca220e0ccd5d238f298d58d3ce79702bf7704b8e8f939b9662b3f334a39a69d279be497957cc21

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
110KB

MD5
fc3cf9adc22d51a691d7573d2f509a2e

SHA1
9fd0b2973332984a61e7939a7d68d60731720ed6

SHA256
1b2c0a522d084d26cb204f34c4ff34e052603e0430001ebd2104a0a9e6cdf12a

SHA512
d402d2c882b4b2f694046cfaaee2aa64f588f6c7a0a116fd23d89f7a051e4b261510091bda1220de2fbc451cb9da4d3b82cd3c7d355e2516668aa2185c727093

Download Submit
memory/1760-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1760-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads