5db666bbd8f6facb7eb16acdade997760037f547d99974f7b4c942e1f6998880

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 21:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
Size

129KB
MD5

5c46c31416cf3b06c8f7dea7165e0a40
SHA1

bc7284c22cbd0db67b503968ad5f3b48e1ca50ba
SHA256

5db666bbd8f6facb7eb16acdade997760037f547d99974f7b4c942e1f6998880
SHA512

c21d6a1813e7ce2fd450db7a5a7c58e828223fa1694aa7a07dd4c070aff5bca4c6ee98d920059267bf7c64143c083cfd578542c0c419ca70a46f0bbe832336f5
SSDEEP

1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSC3:+nymCAIuZAIuYSMjoqtMHfhffPC

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3444) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1732-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000f000000012289-2.dat	upx
behavioral1/files/0x00020000000106a2-6.dat	upx
behavioral1/memory/1732-646-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnetwk.exe.mui.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\t2k.dll.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\helper.exe.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\mpvis.dll.mui.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sitka.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Midway.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.lnk.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Thule.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\THANKS.txt.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di.extensions_0.12.0.v20140417-2033.jar.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClient.resources.dll.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ts_plugin.dll.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Budapest.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_ja.jar.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libstereo_widen_plugin.dll.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Accra.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent.ini.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\vlc.mo.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro_5.5.0.165303.jar.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jpeg.dll.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.tmp	5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5c46c31416cf3b06c8f7dea7165e0a40_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
129KB

MD5
4c1b2b45de417d03c05dd0ed0a8f649e

SHA1
cb3304603ce4e656873588acd6ca79e3e7c23cf5

SHA256
1812f3a5bfb802acd54a94ddf6fe524c06f962473698685bfcfa275dead2ad72

SHA512
569c6cbd6c39d7549e92a9a9ae846481789d57a0406a7b84605279414a9ce07c9ce213f76bd18623fc014b6fe8fa1220d90facea7c39ae378524a03381552db3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
138KB

MD5
f114095c4612e32a1ae1a17bd25db8f4

SHA1
bcc6cdc14e49d234a08935ab270b10176a46597e

SHA256
0b920a3027654c7f8ed48dc3ffeaa33f23732d0026c54d81099ad08b5782a251

SHA512
70a6f78232f4c36fa117e32707e5b83f28deda75f812873b7282ade8672152ebf9406920122a41d9d712e246a48404e05aa589f5946000e40b1c73e8ec15d680

Download Submit
memory/1732-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1732-646-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads