872ebd9ed967038940e534daa4492f9407fd3c7970a4b5ebcc570788c24d76f2

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
12-05-2024 13:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
Size

111KB
MD5

1541a49142ff44d8981a0f8678f6af10
SHA1

265329d13bcaf602140e3f636fd29905e1376bab
SHA256

872ebd9ed967038940e534daa4492f9407fd3c7970a4b5ebcc570788c24d76f2
SHA512

64b2212b34b2befe915b045df1aaa20ead6daa0c517ea3e96ae1619fe4534f35e3102fc4e48adcaf368117126e7f358954435d8c69b1c49deb71d68073a707e6
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hf5SI:hfAIuZAIuYSMjoqtMHfhf5Ssk8

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3444) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2208-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000c000000012263-2.dat	upx
behavioral1/files/0x000200000001048e-6.dat	upx
behavioral1/memory/2208-78-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Araguaina.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Printing.resources.dll.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\vlc.mo.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\vlc.mo.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\librss_plugin.dll.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\updater.ini.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\xul.dll.sig.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\vlc.mo.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\dailymotion.luac.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\access-bridge-64.jar.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-12.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Amman.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\de-DE\Mahjong.exe.mui.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgRes.dll.mui.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Printing.resources.dll.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsTap.dll.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_zh_CN.jar.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libwebvtt_plugin.dll.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Recife.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Windows.Presentation.resources.dll.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\vlc.mo.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\vlc.mo.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\Welcome.html.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\jaccess.jar.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libadpcm_plugin.dll.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\MANIFEST.MF.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.properties.tmp	1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1541a49142ff44d8981a0f8678f6af10_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
111KB

MD5
bed5cad6667155169cc10cff6cb35550

SHA1
f5493b27ccffbe488a36ba8c27b22c741bc17808

SHA256
509e645f3a8cf9eef72838a59b3d536a887af4b151d29bb87ba0d178bdadb1e4

SHA512
84baa3a9d9e8b8e08a2665840ba47e2afeb6f9a237b31240e02cc129b3a3a5d830c636dedaf51d966079746d68bf8de78e6e2f161f25f6e083033ccdb5e8e352

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
120KB

MD5
5bded54700fb2626ab68bf5ff68ead1b

SHA1
f675322b080afc1345b8ff40c9bac1b20dfe6d3f

SHA256
3d40b2ca0a8626f53e6dda6a9ee03a22dffbc153397c4c4a23f8cafa4d1814db

SHA512
01bc6a0cae96aeb9f86d220d7f9fd82f4343f28102fbe91f1382b037107b2260e37516ec9e148dc76e39d5382b5b24d4b5902e1b5861b0ae1441aa79dded6d71

Download Submit
memory/2208-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2208-78-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads