1e5cc9a4f302b4b00f46340b9f42c8e62790939b4b7cfe90387e4a0136fa754c

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 20:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
Size

98KB
MD5

20d5a4b5653b705abb9e0db6d0f7b7e0
SHA1

b71509ae66cb5b489d5f215f18eb168396b36780
SHA256

1e5cc9a4f302b4b00f46340b9f42c8e62790939b4b7cfe90387e4a0136fa754c
SHA512

453a776b7252b58fa20fd4f4e178b66fb67ad7bb4aba1c6f5629c3137947fc4f8073fe3097490a6d467532298a0c3eb52d894031801f1abcc628968a4da4fa82
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q1pkMJ+ZGtK1+ZGtKQNMdTajOtGtU1wAIuZAIuJix:KQSo1EZGtKgZGtK/PgtU1wAIuZAIu6

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3444) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2352-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000c00000001275b-2.dat	upx
behavioral1/files/0x00030000000104b4-6.dat	upx
behavioral1/memory/2352-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libadummy_plugin.dll.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Chita.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationCore.resources.dll.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnssui.dll.mui.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\fr-FR\NBMapTIP.dll.mui.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.dll.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClientsideProviders.resources.dll.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Windows.Presentation.resources.dll.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\ShvlRes.dll.mui.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Ojinaga.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Seyes.jtp.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Nauru.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl.png.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_dot.png.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\psfont.properties.ja.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Metlakatla.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.DataSetExtensions.Resources.dll.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_ja_4.4.0.v20140623020002.jar.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Monaco.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\More Games\en-US\MoreGames.dll.mui.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\instrument.dll.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations_2.4.0.v20131119-0908.jar.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\sound.properties.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libsepia_plugin.dll.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MsMpCom.dll.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sampler.xml.tmp	20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\20d5a4b5653b705abb9e0db6d0f7b7e0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
98KB

MD5
bc05d1c528858136c257f4b2efed989a

SHA1
09de3039a82a0317e0a2f443d8ab6dc925ee4b74

SHA256
79d0b6d55c0fd4bbbe89cd4582b15abc21699843cb6b34f55513140db51ec6fe

SHA512
895c9cb66bfb066432ff31409991f7b5d5c38ae8ead9b765f19818ff235835c5ff1bebae585a1923117245d3080894ec76a0d0a89216369e7068c780e09c112d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
107KB

MD5
32d90e782180b4afe93f0cf63bb82965

SHA1
3bca2a03d7d22b7ae8c480c712b21c9336dd77dc

SHA256
09b99819b41f920d491378829f23616c77c342a845953356d65cf029e2a93462

SHA512
b073867f8e22b915a05192791f2cb237c0bffc821e92a4e828b2f8f745cdb5d8bc18fffbb8874634d9ec52c6c7c2e2706c95791ec48f32cb1be7ce61d7a68f1a

Download Submit
memory/2352-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2352-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads