f9ebc0e0456639a8162ebc456668ec92bdeab3087e123509507205f7f028ea4f

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 19:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
Size

106KB
MD5

20b490955430ac6b23c15701503fe8d0
SHA1

2c5e5a03c33e904b75922e2418db3af8908a6c07
SHA256

f9ebc0e0456639a8162ebc456668ec92bdeab3087e123509507205f7f028ea4f
SHA512

740284b795934099dc9f0b4faadec90c498941a48018e2982f7b1296b83689fef2af6f02189952045f11c33f24293c5a2d76a90315c16435e60472bb87f8221d
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfRbs:hfAIuZAIuYSMjoqtMHfhfzuH

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (488) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1936-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b000000014e3d-2.dat	upx
behavioral1/files/0x0002000000010481-6.dat	upx
behavioral1/memory/1936-20-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\Timeline.cpu.xml.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\ExpandDismount.mp4.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp	20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\20b490955430ac6b23c15701503fe8d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
107KB

MD5
bfaa2cbc4c879a7125889394a611ac34

SHA1
8e98503ffacf143b2920f03ac2292a894c7bb5a9

SHA256
b5c2750732476c9dc1af0b05348dc7a96a9f8c6bcc60fdfe795835f42a7084c3

SHA512
9c9326ecb718ca01dd29a922b9cf7b20104c0426344a1ba734cb4a420d1a97cfade3f5a11ec8c5514a4db168ecd8fe8774d00e08bda53fa10fd1ff26067e233d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
116KB

MD5
fb2cf9f7cd68c6ca4a544f3fbfc3dcfb

SHA1
b63f172f3e098b130447eb1f4e4cb84dbc1daed4

SHA256
5e5e67d2a6ff6e6f13a1e856b3ea31821e1fa4e527d808d77e51e2f22f187721

SHA512
92c9e44ef3b34e222f2fa87b1f20d4da1c41f9b467f9ad66533730e9e82aa758e779cb4ba2d9e8cfcfd89d57d313e3d16ea259e0a38f78cf8ecc77a83d72fbae

Download Submit
memory/1936-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1936-20-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads