ffc53b0c3026746ea5d8524d7ebd38754caca34b8d29bf6e7b7bffd3ed4bda9e

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 23:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
Size

103KB
MD5

551fcc60bc93e1e8f855d58853918860
SHA1

c535621ea6af7b9d8606e326038fb762ba1feb31
SHA256

ffc53b0c3026746ea5d8524d7ebd38754caca34b8d29bf6e7b7bffd3ed4bda9e
SHA512

b42281346b3373272a231baea82be514d59b5131a4438d1cd2d1855ff9e9358aafb6830020faf3caf65e5a2a9730779131ed7a993da4a877c08d5a906f5ae82c
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hf0xn:hfAIuZAIuYSMjoqtMHfhf6

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3466) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2980-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000c00000001227b-2.dat	upx
behavioral1/files/0x00020000000104aa-6.dat	upx
behavioral1/memory/2980-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.xml.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libxa_plugin.dll.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libdeinterlace_plugin.dll.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views_3.7.0.v20140408-0703.jar.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\PhotoBase.dll.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\settings.html.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\gadget.xml.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\weather.html.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous.png.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives_1.1.100.v20140523-0116.jar.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Windows.Presentation.resources.dll.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\vlc.mo.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsdec_plugin.dll.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sa.xml.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgRes.dll.mui.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_settings.png.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.rcp_4.3.100.v20141007-2301.jar.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-plaf.jar.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\javaws.policy.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macGrey.png.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libhttp_plugin.dll.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_smem_plugin.dll.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\settings.js.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qatar.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ct.sym.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_ja.jar.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\net.dll.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\fr-FR\Journal.exe.mui.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.service.exsd.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Jamaica.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\551fcc60bc93e1e8f855d58853918860_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
103KB

MD5
5914ac2fa7ecdcf0dffde9083b9d9a85

SHA1
6e0369c6079e5033bf3bacc2c799f45a687f66e3

SHA256
7f88bd15f6b5149284336697aa5e461701b9605d367143e8197038844ef1ad50

SHA512
71df3d6324230a67e80fa9d354ceae19f9e5589aa6b867115f3d7825e64b888d872208b488d0d9d4dc09e075d7e92e1f505e4853723670d712528e2aef10b804

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
112KB

MD5
f75376e731f47ff8f91607425d48a411

SHA1
e1a919041b98f6103c5da3d72b53b5d745b54a2d

SHA256
e598c0f25981f971eba225586fb1bfad0afd7cb84310f27a679dfb724c9577ca

SHA512
18b350b411f83b0ae059885e150df5709b080991f7ec478168a1d33c9c187eac329b321a788e00e8c25482787766ec015452ab995a27fe5f636759115d661ddb

Download Submit
memory/2980-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2980-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads