36e7708fb06bb6332412462e41aeac82d1ca92c9286980f7eb8ac3410bee87f8

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-05-2024 01:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
Size

104KB
MD5

750d9de83812fafbc97727d51bd98a20
SHA1

b800e340b55a668da3247350cb64504ee7668260
SHA256

36e7708fb06bb6332412462e41aeac82d1ca92c9286980f7eb8ac3410bee87f8
SHA512

57a7f91e56bda5b887767fa225a2ef37d4a00a485f591cc2187b9cbe91a13cdf8bd344c9b230e5aac67d831cf535822d9ffd5251b291f2ed12c8a6b2777524c8
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hf2:hfAIuZAIuYSMjoqtMHfhf2

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3436) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2512-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000d00000001232e-2.dat	upx
behavioral1/files/0x000200000001048b-6.dat	upx
behavioral1/memory/2512-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Riga.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pago_Pago.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_ja.jar.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.properties.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench_3.106.1.v20140827-1737.jar.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\WMPDMC.exe.mui.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\pack200.exe.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\COPYRIGHT.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradfun_plugin.dll.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Seyes.jtp.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\SpiderSolitaire.exe.mui.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\liblogger_plugin.dll.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Brussels.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_ja.jar.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-dialogs.xml.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jfxwebkit.dll.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClientsideProviders.resources.dll.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Xml.Linq.Resources.dll.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.DataSetExtensions.Resources.dll.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatializer_plugin.dll.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_rtp_plugin.dll.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\OmdProject.dll.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.core_5.5.0.165303.jar.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\skins\skin.dtd.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_zh_CN.jar.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\unpack200.exe.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\F12.dll.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sawindbg.dll.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\amd64\jvm.cfg.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Samarkand.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\JdbcOdbc.dll.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp	750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\750d9de83812fafbc97727d51bd98a20_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
104KB

MD5
c7be63004a385d04e4462a431d883d21

SHA1
0bf29192fc548cdfa5b3d6f6073caf55ef74fd7a

SHA256
bc31737990bd593519313b9513a4ea809d9d8f71c05e734f63316d6eb790254d

SHA512
d77672e17e33f2f1e339460229038e06b8e897bacb285193898d482dcc77a4bc81cd790364c05c0d46705f425d7048e3287bc43852d7af648a8e3ce023b1727b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
113KB

MD5
deb520efc1e9f84fa718962290acdf1f

SHA1
b723d8fbecdd5de0112dad6b60e8f79039bbcc2b

SHA256
e03f486102470adf406bdc25b2025afa8b0864dd06707160e3c94fc32c243a17

SHA512
07980719a925a9d93f905b8be8316f55976db771edcb51d314c9ec588d56135ede3934599fab0ae09882724afaafbb95b5e69d3bf1951c61e333ac51480a7b22

Download Submit
memory/2512-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2512-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads