5459a13e7ce3d57bbded555654c36db472b4db1ab0d193af29996ebc5e2f0f12

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 01:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
Size

108KB
MD5

74b108507b1219fb0229c84e4c2a5880
SHA1

9eb3bc7aae8d2b5856fef928a4a263bbcb28d67e
SHA256

5459a13e7ce3d57bbded555654c36db472b4db1ab0d193af29996ebc5e2f0f12
SHA512

a356bd89a627d639d7a4e601b2768e241add42ce535be8c9393a460f5f222b776d2a0cbc84e800ecdaa6b4f38de5ccc6b71b3cf14706810be58110f38e8b665e
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hff+g:hfAIuZAIuYSMjoqtMHfhffPd

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3452) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2064-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000d000000015d59-2.dat	upx
behavioral1/files/0x0002000000010679-6.dat	upx
behavioral1/memory/2064-78-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+12.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MET.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util-lookup.jar.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\mpvis.dll.mui.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_ja_4.4.0.v20140623020002.jar.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_ja.jar.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\shvlzm.exe.mui.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunec.jar.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\fr-FR\Solitaire.exe.mui.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\css\settings.css.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\leftnav.gif.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_zh_4.4.0.v20140623020002.jar.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Omsk.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationFramework.resources.dll.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\it-IT\wordpad.exe.mui.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yekaterinburg.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\alert_obj.png.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nipigon.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Campo_Grande.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.zh_CN_5.5.0.165303.jar.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet_3.0.0.v201112011016.jar.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-loaders.xml.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\JNTFiltr.dll.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\es-ES\Hearts.exe.mui.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\de-DE\ImagingDevices.exe.mui.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPSideShowGadget.exe.mui.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-uisupport.xml.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\WindowsAccessBridge-64.dll.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\settings.js.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ndjamena.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp	74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\74b108507b1219fb0229c84e4c2a5880_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
108KB

MD5
66b225644313dabcea9500d6f04cc815

SHA1
9bb574fc857c83be747328b5785b597c3eb1226f

SHA256
f75d13428e3cc3632b21d344df4379a3df141caef5f899027aaff131821ffa22

SHA512
39373a62a2653feba83341ad0dafab088f2549be5799ae6cac8ff92d695e4932886e610c2bb0b8e62c4b0dab4d5e3f65b6cee5cc3d7d5728581377e10346c6ee

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
117KB

MD5
4c09e1d43f4cbb58181f64b7e96d08e8

SHA1
cb8520d90212d010d678fcd9e98e8710e1cd8a89

SHA256
12126578a1028a364a947ba76a615186f48b5a4d6b3b0a3bb8d171ee62935ff6

SHA512
3c6e13a0689ca61e9a7a7c2779bd6358255ce553382c0195ed6e6c4639e0c1fa2e9a35a54e46a93714d2b7c4b4d7bdf0e46ef50a595dac0d40181dd2fd009a66

Download Submit
memory/2064-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2064-78-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads