92e83dd4d45dcf8cc257233a435f09dec0f1bd092f793cae55cf94888ea7a7d9

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 00:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
Size

109KB
MD5

5c41bd3c97975f8b135905c2131f5580
SHA1

4145565d3bd111f1a8355dce2a696f13b354d1ed
SHA256

92e83dd4d45dcf8cc257233a435f09dec0f1bd092f793cae55cf94888ea7a7d9
SHA512

3efda2c5bcec8538da90a86e82370e3b8db316ebbe511d7908e0290bf11005ec0eda54856dc03f235738ed8e8c471f56e16595f660205a2ca9140fd684c4d3bd
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hff+W:hfAIuZAIuYSMjoqtMHfhffPD

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3437) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2040-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000c0000000144e0-2.dat	upx
behavioral1/files/0x00030000000104b4-6.dat	upx
behavioral1/memory/2040-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\awt.dll.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\es-ES\wordpad.exe.mui.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\wmpshare.exe.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\en-US\Sidebar.exe.mui.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-process-l1-1-0.dll.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-settings.jar.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\keystore\libmemory_keystore_plugin.dll.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4ADT.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Samara.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\uninstall.exe.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg.png.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.xml.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Engine.resources.dll.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\vlc.mo.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Melbourne.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_preferencestyle.css.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\RegisterRequest.ppsm.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Printing.resources.dll.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MpSvc.dll.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Pontianak.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\vlc.mo.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsdl_image_plugin.dll.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_display_plugin.dll.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File A.txt.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.tmp	5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5c41bd3c97975f8b135905c2131f5580_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
110KB

MD5
949a642c1ef426ddf57e566c63a02602

SHA1
7db8a437c58e6c88bcaad3b80421c86ea8b53c2f

SHA256
6869847f1318907927d9f0338de1f9d8769c03f695e131540298ea14639d9af6

SHA512
60b4659999b11bbb1e634d774b2c5d46ae42d7297fad1a6edd7ed5ca581492368239e69de7e2dd5b7ac0f8619fd3fbbdd86c6d77bf23ff091baeb3808cff234c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
119KB

MD5
fdd8fdd964787f9723d00777ec975206

SHA1
0ca5e9c7dde5509c3d8f0490577c1b6b3e2e29f5

SHA256
b02de853ce6f61e7fb22d3fb9f261b251a5eb907858e1a47ee2b6617cd35eed3

SHA512
34f050fe5aa1b4dfb2c6d44de581671825da65fb3b896166e8eb92bf59e9b53e32fcd62e382e6e358d264b4b5af7413d0371d62c4e1847f6ebcf75c671f1aac2

Download Submit
memory/2040-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2040-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads