ef8d261c1d422948a78822241d313a3f3ea8572dca0a73924dcb9a353f3ae70c

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 04:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
Size

117KB
MD5

6c6dda23ba7b7cda65530b47e6789230
SHA1

140963b8ea4bb38e5ee7bccf7eaf4280e3efbbcb
SHA256

ef8d261c1d422948a78822241d313a3f3ea8572dca0a73924dcb9a353f3ae70c
SHA512

715d4746eaf0240b1b309b108db84dbfb6758cd47bfed17f9c2df9c1e684f5e91c41a3e201ef2d37dbfe78e8dcdf44d3ba5bdcef38f59b197c20970e4071aeb3
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfliG:hfAIuZAIuYSMjoqtMHfhflixim0H

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3480) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2984-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000d00000001226b-2.dat	upx
behavioral1/files/0x00020000000104aa-6.dat	upx
behavioral1/memory/2984-78-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.pb_2.3.5.v201404071733.jar.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Prague.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\ja-JP\Mahjong.exe.mui.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\calendar.html.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\vlc.mo.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chicago.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\calendar.js.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system.png.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\vlc.mo.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\wmpnetwk.exe.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_top.png.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.resources.dll.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\gadget.xml.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\prism-d3d.dll.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8PDT.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler.xml.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\unpack200.exe.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double.png.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.core_5.5.0.165303.jar.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-print.xml_hidden.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\install.log.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libt140_plugin.dll.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_transcode_plugin.dll.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-nodes.xml.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\vlc.mo.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\WordpadFilter.dll.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_s.png.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Samara.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Majuro.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvobsub_plugin.dll.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d11_plugin.dll.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6c6dda23ba7b7cda65530b47e6789230_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
118KB

MD5
815edc5cc63a00cdb83bde7c178ed13e

SHA1
1e414524fa5aa94fce2655f0cc6c74a07d92a62f

SHA256
f955576d9398b63e9852d30279e0a184fbe796f02c6f4f4957632876f20dd759

SHA512
822a27f5adf7c483d64793e017532d102b3fac8e560afa46a86cb9ee315c5bcd49e0949dd6212a90bf5c7bdf9b38c53dddb02901e5e648760fb8a0950a8f6da3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
127KB

MD5
6220bc509546c4241114c08f23d75695

SHA1
13fdd4acf9a7a77634047e639bd577be1cf6028e

SHA256
8993c1a2ec8f71d7fc05940beeaddd290c07efb2b1341187da271f5d4266dbf7

SHA512
10a1a786d5f149ad9704f87d56a25c9746338ac6991812c621f42b051ce8096e6f0ba318130111301680c9481fcb8a9ba6533ebbcac825aba5b6556c5a67f9b1

Download Submit
memory/2984-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2984-78-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads