7a5a9d363b2192d297d0cd46bce0466eea2eac65e78fdfdde183ceecfcf982f2

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 18:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
Size

151KB
MD5

10b722604f1b7203f482e4d22e2b0530
SHA1

6c1a5f6d1dce9f4fc9b289a3778af8566f8c3f62
SHA256

7a5a9d363b2192d297d0cd46bce0466eea2eac65e78fdfdde183ceecfcf982f2
SHA512

bf0c80014bcb0b0c33a41369b0b9619994559177e2317095f4ea7fe8c6a546fbea0e7a683e89978e1d21fb742ce33a4a43199699d350bb044081f4ef20ca6146
SSDEEP

3072:KQSo1EZGtKgZGtK/PgtU1wAIuZAIuZnhyKoIWbsHfySkT5GeCyi348oWGRPOzkju:KQSo1EZGtKgZGtK/CAIuZAIub

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3437) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2592-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b0000000144e0-2.dat	upx
behavioral1/files/0x00030000000104b4-6.dat	upx
behavioral1/memory/2592-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_zh_CN.jar.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Design.Resources.dll.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libps_plugin.dll.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rankin_Inlet.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_pt_BR.properties.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Blanc-Sablon.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_zh_CN.jar.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\ReachFramework.resources.dll.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\accessibility.properties.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\vlc.mo.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper.registry_1.0.300.v20130327-1442.jar.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\vlc.mo.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Perth.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\fr-FR\Solitaire.exe.mui.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\index.html.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Resources.dll.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_basestyle.css.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\it-IT\MsMpRes.dll.mui.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Berlin.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\Custom.propdesc.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\msdbg2.dll.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Creston.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_zh_CN.jar.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-coredump.xml.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationBuildTasks.resources.dll.tmp	10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\10b722604f1b7203f482e4d22e2b0530_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
151KB

MD5
c09b2c941f475b7673224f8e70a0e1f5

SHA1
299523cbb85b72214e690cf4c73f89b260299909

SHA256
5213dbbaabdaff6f9953b08dff3a99985a2bbcc84ba39fc9a9f5dfd7883618fc

SHA512
ffd9c32d059014e30cfa7450fb0db54ecc8cde771c081181b20c03b3cb12085645d001b6991669e7410ef4d8ac74e99cb32f9a30f57930da505c5ace1d0ba32a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
160KB

MD5
24ba7d63ced6ecb67942468bcc316167

SHA1
339aa305bd8499dd23ba74df737b26f1ad4c5cb3

SHA256
f5b45f69a8161435b9a3d768b7efbcc15c4cc83e768bae2f3cfe15153aba73c7

SHA512
ba1351910f1577ce6eee69d39178be2fabd72fdb479e4c8346853722aa396b1b95044998f2d5c216b7e7e9f07ea80408a34443b0f4ed68d658c7de4edaaee40b

Download Submit
memory/2592-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2592-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads