6ca34b8f3c307f21d87138f1239b0a2060ae6920e98a4c96ecbfe004fc570d70

Analysis

max time kernel
149s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-05-2024 19:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
Size

103KB
MD5

1d050140171aec5611f93932abadaf00
SHA1

726679bde0bad7085863fde913eeae63c228c9d2
SHA256

6ca34b8f3c307f21d87138f1239b0a2060ae6920e98a4c96ecbfe004fc570d70
SHA512

98461b3258c900ad107e392c1612c436d6ac9bbe4dca9f34cafd9de533b0ecb1ab3d7d58aad6b8e74b7896973dcfa9f21b8cefce37b7b0642217a7dfbc3db2d6
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfYcS:hfAIuZAIuYSMjoqtMHfhfYcS

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (516) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2172-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b0000000155e2-2.dat	upx
behavioral1/files/0x0002000000010481-6.dat	upx
behavioral1/memory/2172-26-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.jar.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glass.dll.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\jsdbgui.dll.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\prism-d3d.dll.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1d050140171aec5611f93932abadaf00_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
103KB

MD5
3ec0d9c27d774f29314961e8c36e9f81

SHA1
6654a953d069fb59a6f815cdc4a00d01c87713ee

SHA256
235ced9aa4ffa187bdf84684f21aece419ac9699b1d9dbdf2c5c67195649f881

SHA512
8ef7404db34f03a995e7d23fcc27180a14a110974d13fd1aa9b0fe7a2125dce798e6eda0fa57cc480ebd4ff449fd08f111af5b8cd3aa4c2e2fc33e37ba7984a9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
112KB

MD5
0a6cb6ce2af6b5402e88da0f2c3e9bda

SHA1
34d2991cc2f98672fc799036385f8d2cc44ef523

SHA256
c3fdf23a60944078dd0714134c87b0cfc8ac25c22d60409a9220830e0222130e

SHA512
1519e38778a83d6bac871c845547183518c61a86e39c209c3e068fd2522c42af14a31d45bd417f934184726fa4d45d856f82da655dcc3f9bcb58e58320834a10

Download Submit
memory/2172-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2172-26-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads