b95f41c18ad3ed2dc4a3ed22913be0693aa6a28f0c945c013191ac4819740496

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
Size

108KB
MD5

5db09c51ccd471e8322ff80a1ebb32d0
SHA1

15d7697873b33ed220887f689a9879d4ad6208ff
SHA256

b95f41c18ad3ed2dc4a3ed22913be0693aa6a28f0c945c013191ac4819740496
SHA512

068fc2d4997522d77e65b998749ea3d6aef949ed76d82fb239cc5b7cd55a2dc8e0f43007b9d5ccd213e94c6d10dfa81726818f26b6b382b857c3ced11a33a535
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfOb:hfAIuZAIuYSMjoqtMHfhfw

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3442) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1364-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x0009000000015b6f-2.dat	upx
behavioral1/files/0x001c000000010439-6.dat	upx
behavioral1/memory/1364-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tegucigalpa.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.ServiceModel.Resources.dll.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\01_googleimage.luac.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcanvas_plugin.dll.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\fr-FR\wordpad.exe.mui.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back_lrg.png.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_snow.png.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\javaw.exe.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-coredump.jar.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Xml.Linq.Resources.dll.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_duplicate_plugin.dll.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.properties.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\MET.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_pressed.png.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Creston.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\settings.js.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_foggy.png.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPOlive.png.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\libvlccore.dll.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\dkjson.luac.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\skins\skin.catalog.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\WMPDMC.exe.mui.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-1.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdtv_plugin.dll.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libsid_plugin.dll.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\sound.properties.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\library.js.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector_1.0.200.v20131115-1210.jar.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\vlc.mo.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\gadget.xml.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.oracle.jmc.executable.win32.win32.x86_64_5.5.0.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\WinMail.exe.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern.png.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Noronha.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\MANIFEST.MF.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar.tmp	5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5db09c51ccd471e8322ff80a1ebb32d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
108KB

MD5
78d1c1a432175a8edbe1c44ec3759e2f

SHA1
04a1fb16c79a7ec210a271c318966dd9cd0bd0f1

SHA256
a7facda4265678ab5c9bf616515f620f70bacfcddbf4cb5bd2dfdf74520594e1

SHA512
2747b99253adf0260b2047c1371a2037054c53078b7931919ebab27dfd7cc66fd91bca35eca18679776db4cd8b386c50a0d02d25dfa6f8883c3cbd7241243e45

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
117KB

MD5
cc556acf3d954efd523d6e5f00215370

SHA1
90a908cc66e4edce01e1a7fbf3cc747fcdb529b0

SHA256
4b83af1589e099342bceb38f6898e35a797bbd6ec3d381100cbb7aa180875aae

SHA512
31df75ba720b7df64bdc6a632cd647c382b23a22236e0f2137d13a5fafe7e8b9f2e69b9bf6c22236b3318e1982fc6b883611ed8d0b13519936f7d8afad3c7cb5

Download Submit
memory/1364-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1364-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads