de4fdf4f8f33762f3fd0dcfd33cf7c999612c86a2839d5b265b8dc29e0b58a33

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 18:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
Size

168KB
MD5

0d6c2c03cf85df3aaa681ccdd4ee9200
SHA1

88674175b0a41d2d8c846f456764171bcc5c35af
SHA256

de4fdf4f8f33762f3fd0dcfd33cf7c999612c86a2839d5b265b8dc29e0b58a33
SHA512

ec82c5ac01eedc4c524cb31f49bcf967eb2efb349dcf6c84ef6c5bcdb6cbe7723214d4d0216594e15adb5dc113aee58e4f098fa03ffa36bb80fa93106d316efa
SSDEEP

3072:+nyiQSo1EZGtKgZGtK/PgtU1wAIuZAIuZn+:JiQSo1EZGtKgZGtK/CAIuZAIuQ

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3326) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1520-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b000000012301-2.dat	upx
behavioral1/files/0x000200000001048e-6.dat	upx
behavioral1/memory/1520-442-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-api-visual.xml_hidden.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+7.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-dialogs.xml.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\ReachFramework.resources.dll.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Abidjan.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Resources.dll.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bishkek.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-api.xml.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\rtstreamsink.ax.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\autoconfig.js.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Resources.dll.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\common.luac.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Khandyga.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse_2.1.200.v20140512-1650.jar.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler.xml.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\LimitInvoke.mpg.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\msvcr100.dll.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\UnlockRemove.dotx.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\en-US\Chess.exe.mui.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationProvider.dll.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Creston.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_zh_CN.jar.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\localedata.jar.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_zh_4.4.0.v20140623020002.jar.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hebron.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\xul.dll.sig.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\nio.dll.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClient.resources.dll.tmp	0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0d6c2c03cf85df3aaa681ccdd4ee9200_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
168KB

MD5
618c8f81c8783b1c9fc01eaac9791992

SHA1
57c51c36412bc3c3723c155560c946b4c385e40d

SHA256
57911f4a4ac31b06930e0e67f568b438125ef6d1e28dbcf31a30329e5a065580

SHA512
6dffcb7b913e8dc3086badaf4052552888257f5c53b407ac03091399db3487cfd0297ccb82cf2ce8898dee71ab09494e69512c38c8e06963160e28307dd47a9d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
177KB

MD5
25d2e0ce537eb3931a6593846b7523c9

SHA1
0b2bbc0481e17f6cf60780d9d4bf76f4cbbab895

SHA256
8ae5bc486c66f84e67e42277c0f519d9ab670c83b612dd874baefda1f9f64271

SHA512
818301c37995cb70cfc4ad0227361a5a095d52ed4372ceeb5c036ea69ab7889c4a02de10e9abc764f7bc53c229a49b5452f4829012e24128da3f4ce3f46250ec

Download Submit
memory/1520-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1520-442-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads