2df135b55b592de9a3099de74c7b56a25c9c31b3037b2d1de563befddb4311c1

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 05:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
Size

106KB
MD5

85cc1368d47d3ce40d24475979ed89a0
SHA1

647f3c7158ffaad95260ba6738a0b88dcb4d913a
SHA256

2df135b55b592de9a3099de74c7b56a25c9c31b3037b2d1de563befddb4311c1
SHA512

f4868091629fad6abbf82923e5f90c937bc528f2788fe3e4cc72b64a86b7376c61556bc1bea89282dd0695771372eb2f5dd2b1a0e4ddb125e8ed7d92aeec3f7e
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hff+Q:hfAIuZAIuYSMjoqtMHfhffPp5nh

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3460) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1968-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000c0000000122ee-2.dat	upx
behavioral1/files/0x000200000001048e-6.dat	upx
behavioral1/memory/1968-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qatar.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Pangnirtung.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Andorra.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscene_plugin.dll.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh88.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jconsole.jar.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\en-US\MSPVWCTL.DLL.mui.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_bottom.png.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\servertool.exe.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\net.properties.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\es-ES\Chess.exe.mui.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Linq.Resources.dll.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern.png.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\gadget.xml.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_few-showers.png.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-ui.xml.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvm.xml.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\policytool.exe.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\ssv.dll.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cuiaba.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\it-IT\Hearts.exe.mui.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-filesystems.xml.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\or_IN\LC_MESSAGES\vlc.mo.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\zipfs.jar.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Reykjavik.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_ja_4.4.0.v20140623020002.jar.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_zh_4.4.0.v20140623020002.jar.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdca_plugin.dll.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_left.png.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr.jar.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpuzzle_plugin.dll.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\PDIALOG.exe.mui.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\IEAWSDC.DLL.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bangkok.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\London.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png.tmp	85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\85cc1368d47d3ce40d24475979ed89a0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
106KB

MD5
0fa2f894f363555aae95411d62552265

SHA1
c7972f0a82fece92517851b620fbccc385c5be88

SHA256
ad52fa94ead7b7f5e9be9fbac1c34bec217cd37339c0738116fafeb8af920537

SHA512
30286ce684b0fd2c828d002f4ebaea1a8e6bb8f9146354553d6417c2b03906b4e8c8865371cb91837aae5926720c641fab07a9b4ec6d57aae13dc49609365aaa

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
115KB

MD5
b0e33ffaca0781d14572a8c57dfeca10

SHA1
e326de1477c8ffa84d861ca32bdfa74e76f8e225

SHA256
3d8db0c40e1406a2cf055da14d7b06690506aef4823f43ea0765734c4c7fc2f3

SHA512
15eeca0699e70e2b42cec6d0fe55a9677c1c2ced5edf550b46841a5d34c9487c71c32ea0d0841b4fef56a7cf36077afa29d0e7714edbf8c40d3df6b70d10f40b

Download Submit
memory/1968-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1968-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads