52c17c396a2041b3b1023879ad3510a3dc975fbabaea164f91e5c423b597bb29

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
Size

108KB
MD5

816971a5bf861fe572641866a58835f0
SHA1

2a7679214724bdbe3c61969d32687ec511831af6
SHA256

52c17c396a2041b3b1023879ad3510a3dc975fbabaea164f91e5c423b597bb29
SHA512

818b61800b9e468e4971d194271e882223fa2c8333dc47a2bfc0e2741f58b9778b058694a0f00ff91b3ae51622b68a9627ce6f3dd057f5467aeb3e336ad896ca
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hf0xU:hfAIuZAIuYSMjoqtMHfhfN

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (779) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2956-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b000000015a2d-2.dat	upx
behavioral1/files/0x0002000000010481-6.dat	upx
behavioral1/memory/2956-26-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\access-bridge-64.jar.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\DiagnosticsTap.dll.mui.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\eula.rtf.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\eula.dll.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\instrument.dll.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ceuta.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vincennes.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\Timeline.dll.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JdbcOdbc.dll.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg.tmp	816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\816971a5bf861fe572641866a58835f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
108KB

MD5
7fecfc41d224594a53e8cf1917de5dd6

SHA1
0a34c27582198bd3eaefacdcaec5b3cc77224479

SHA256
9b8d74bb1bcbb319744c986bcd3ecfdeeba1ad4a529c799ad10822299a68c7a5

SHA512
6f2d692ef08b856a081ea171c1acd717c069a2afd3ddacca41f9d069aa4220fcfb329f38d53662541d65fc20dc8647b466f6ae8c5984c242c7540aec6c214955

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
117KB

MD5
183b7d39fe9e7226ddd32cccca7e8cb4

SHA1
9ee911fc89deca9df3601c779cc793ca89cdee43

SHA256
9fb364375a70a20c4a90ecf82e91345f8617adbe8e06e8290b36d8581c7a8ec0

SHA512
3c821124ea22e415694043e6132b77bad0cd58f7418651becd378dbe32f01ab89f89f4cab09d216d6abf7e65410716e8f362c087b3dd14731b6f76280b7b143a

Download Submit
memory/2956-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2956-26-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads