d3a5ffe38d027fa18bbc5985bce3148f74f684534e61f1af9202316b03a94d15

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 20:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
Size

55KB
MD5

2b35c8d36743e01aa3dd9d6100dc9f60
SHA1

4877a453b178d8cf71efacd532fcd9e4934a2d61
SHA256

d3a5ffe38d027fa18bbc5985bce3148f74f684534e61f1af9202316b03a94d15
SHA512

9a27bcd1d13713181b216fb198e6f7f62527ea5e7c0f668ce79b2f4643615a5b23434845c1ec57fa6ed23b591d5933ae2e66f96e0aafeb64c04542b70bd915f7
SSDEEP

768:67Blpf/FAK65euBT37CPKK0SjHm0CAbLg++PJHJzIWD+dVdCYgck5sIZFJzWzJ:67Zf/FAxTWY1++PJHJXA/OsIZy

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (558) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1968-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c00000001441e-2.dat	upx
behavioral1/files/0x0002000000010481-6.dat	upx
behavioral1/memory/1968-68-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\OmdProject.dll.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.war.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\DiagnosticsTap.dll.mui.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2b35c8d36743e01aa3dd9d6100dc9f60_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
55KB

MD5
5546c5469d69dd7f177f5d31caf6bc3e

SHA1
533878e3d0116c7d8642a108e56204cba6322db7

SHA256
a87ed87532413846f3b6238cc3fa2ddf2bb30d76fa047af64563052875b96f3f

SHA512
7ae4ae5cc7e6597266964ccfd4cc8b064b417be212421187ac95b747c3b69b0c83cadefff8b44d5dbecbec32fe437e1175510f0f7d1e64fb178910f955754fd9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
64KB

MD5
47b5190f770a4da00001eea65406d5ae

SHA1
7e6a1bd71b5107568908b620d5545a159118a5ad

SHA256
7ee466d036c16e5d09dc532b3f4d4f7d2f07a99da894aba1ef6bf605004a53bc

SHA512
967b5bf0575852fe8460feb7ca862bfe07debb02ac95a0e8306c54c4aa4bd76825beaa71fb33fad12cd465520481254b45be01a306f03b4951bf536ca38e855c

Download Submit
memory/1968-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1968-68-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads