66a4245a7d86a810b14f7acdc99b5a5cbac77ed795ee82d74ea076d59311081d

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 06:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
Size

100KB
MD5

93dc5f73d006528814568b1c67ec5db0
SHA1

13714c921e66a15fa58868bfaa31e528290dbfba
SHA256

66a4245a7d86a810b14f7acdc99b5a5cbac77ed795ee82d74ea076d59311081d
SHA512

6cd6e8b6e140823787175b2f6c2a76bc9d06547fa754dbf61ad164a0e92d6894cb9d7fe820a4b17d3b16fb52bf4490c648473af60dfd5b75de786f5238e9f26c
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hf5Sg:hfAIuZAIuYSMjoqtMHfhf5Sg

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3437) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1660-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b0000000144e0-2.dat	upx
behavioral1/files/0x00030000000104b4-6.dat	upx
behavioral1/memory/1660-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\sandbox.luac.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\gadget.xml.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\settings.html.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-io.xml.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libedgedetection_plugin.dll.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Goose_Bay.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\VideoLAN Website.url.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\mpvis.dll.mui.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer.png.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\settings.css.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\w2k_lsa_auth.dll.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\qipcap64.dll.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libalphamask_plugin.dll.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup.jar.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Malta.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\librtpvideo_plugin.dll.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwingdi_plugin.dll.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-visual.jar.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UCT.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\smtp.jar.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_ja_4.4.0.v20140623020002.jar.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_ja.jar.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\More Games\MoreGames.dll.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JavaAccessBridge-64.dll.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\spacer_highlights.png.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\gadget.xml.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_zh_4.4.0.v20140623020002.jar.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core.jar.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-queries.jar.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsdl_image_plugin.dll.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_snow.png.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\mlib_image.dll.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluHandle.png.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jakarta.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\vlc.mo.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\calendar.html.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspdif_plugin.dll.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmpnetwk.exe.mui.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh87.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring.xml.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp	93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\93dc5f73d006528814568b1c67ec5db0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
100KB

MD5
8aaaec536ed17409f8e64e6d52bf3e8c

SHA1
ed156c1186929302f08862ca777c77adf9c38080

SHA256
537f61ecf9afa3420c6aeeb64fb165dbf85b003c5b3bf573163f95af1ac7bd6f

SHA512
891d89023603e24e0ea64859206c760e703c0b2d13f8c5d463cef432f3c9cedec1c2e4e640c20fc48a9d2ed3f6bda2dcc218f96c514f6a4ac95c4af72d6ddf56

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
109KB

MD5
bb3f0f9d595dc1b4bdae00e2c4b8e415

SHA1
3ce8f5fcb3120a8c0b025abadbe2532055442390

SHA256
8dec568cb585737fd97426eb585a2060e15651a0dc8dfd2cac1dd8f9f2ce7c8e

SHA512
4a2f6dab9f6facc273916c67bc16ee8f0cc6d17e293ccec999fd329f1f714da1c9624f74f66eebe9b45c983e8a322e45e6be95418e942ca9bf569e9b9f103cb1

Download Submit
memory/1660-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1660-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads