c89116c50aab1cd0b48d4dc18c58647c7bbf15b507253feda861f5567c119546

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 05:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
Size

108KB
MD5

87012b027a54e9105ed25f8a6d32b8a0
SHA1

1b675db0a1bcbb04d91f88fa421bc7e651c2f264
SHA256

c89116c50aab1cd0b48d4dc18c58647c7bbf15b507253feda861f5567c119546
SHA512

2806b519c356c0fc68fb6f9d1ad968c0732690cdddbebad9ac6f022682f8c8b20d527aeb29e9da2f21e84f0be8292b7a1c8a07f02400c6d9d56a5e7b76c765f4
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfS/Z:hfAIuZAIuYSMjoqtMHfhfqnZ

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3442) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2016-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000c000000013ab9-2.dat	upx
behavioral1/files/0x00030000000104b4-6.dat	upx
behavioral1/memory/2016-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\calendar.html.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\en-US\Solitaire.exe.mui.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudiobargraph_a_plugin.dll.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_hail.png.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_m.png.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui_5.5.0.165303.jar.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-core.jar.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Recife.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent.png.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.jar.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\MANIFEST.MF.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\ja-JP\Mahjong.exe.mui.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_description_plugin.dll.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\resources.jar.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+12.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)greenStateIcon.png.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfr.dll.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.jobs_3.6.0.v20140424-0053.jar.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Selectors.Resources.dll.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Management.Instrumentation.dll.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.el_2.2.0.v201303151357.jar.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs.xml.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\js\slideShow.js.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClient.resources.dll.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnetwk.exe.mui.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\settings.html.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_ja.jar.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgzm.exe.mui.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\87012b027a54e9105ed25f8a6d32b8a0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
108KB

MD5
c9dadb5913a4626533226987e09c72a5

SHA1
5d1e26096d0f77a7159043f6be4bc5ad99b11e5a

SHA256
5be1697a9ddb0715456965eeac50e2cdd9cf358f1909a53996b1ab5f218d7f17

SHA512
7eaa95811e86d79142d83d9113942a42f99883c5bb85b2cd6064122e534b7321b0ad2ea17b0068b9b1b4857bd22744196b705e6ceb99a7363fcff00549351fd0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
117KB

MD5
6faee123e217cebe819bf98b90bd4fc2

SHA1
259cf41b17e3440664a15e32bba7b00630f8f82f

SHA256
254d5431afd782526662a63e1424ecdf63e8e82ff2dae1b959ee47b96690afb9

SHA512
209c936e511dd020b41d70b1c5e85cdca3116d905e5a82fcd2673ee27a065006711d8dfd2692da283dffd1f595f4b5d17e614fd701ef32b72256885288728ab0

Download Submit
memory/2016-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2016-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads