c18d59fc884644afb8c6ea190089c87519dc399836283010d7997bedd31d562c

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 06:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
Size

113KB
MD5

b0fddc5d6db6c680829e0b0eceb3c7a0
SHA1

94487f4f4a475c4185917647426d831d7af0073b
SHA256

c18d59fc884644afb8c6ea190089c87519dc399836283010d7997bedd31d562c
SHA512

1bddcb7fa5fbd4d9ce0e3f65be5bde0fcbfa30cdf9bb42b29d2faccb696ea66c2824386ae729e22f8db09a1cc1be58485d321f28eade6ecb6e3a173d823ed8f5
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hf5Su:hfAIuZAIuYSMjoqtMHfhf5Ssk/6j

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3435) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2008-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b00000001226d-2.dat	upx
behavioral1/files/0x00020000000104db-6.dat	upx
behavioral1/memory/2008-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\locale\or_IN\LC_MESSAGES\vlc.mo.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspeex_resampler_plugin.dll.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_ja.jar.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8PDT.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.service.exsd.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\en-US\wordpad.exe.mui.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Currie.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Linq.Resources.dll.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libextract_plugin.dll.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_ja_4.4.0.v20140623020002.jar.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Paris.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Adak.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPDMC.exe.mui.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bogota.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\01_googleimage.luac.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_120.jpg.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\settings.js.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_hov.png.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_ja.jar.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\dnsns.jar.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationProvider.resources.dll.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\cpu.css.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\vlc.mo.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\js\cpu.js.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs_5.5.0.165303.jar.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Winnipeg.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\settings.css.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.registry_1.1.300.v20130402-1529.jar.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_right.png.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\net.dll.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kabul.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Gambier.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Troll.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\fr-FR\Minesweeper.exe.mui.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL.tmp	b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b0fddc5d6db6c680829e0b0eceb3c7a0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

Filesize
114KB

MD5
10bea565eb8b51f10b1fe43519e7d919

SHA1
7c261c748bd0e6860561d4e8afc9307dd3d002dd

SHA256
1d603db0153de2acd4c289e6b86ab44bcaaea61d0811474520fb2a3798f5fa4c

SHA512
4a286024cfea61f51bc48294ac5ae3a0963ed56474e858cac41032efd875679b9a5419e0ba9dbe729ddbec2022cb351e311695f36890f4c990a7bbcb37591895

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
123KB

MD5
66097479befd642388105b146a58b83b

SHA1
dc1e97ae29cdf580058e32cceaa413c36dfe940e

SHA256
1668b085b9c5e79125937f7acf6fa73bfcf716bd9b8dbf1bda55a562f3b21a39

SHA512
523edc2f50844cf0055a89024004f08a3e778a3ae11c42f3b910fcf0beb08f8e988f1b2771a990d5ef91d56278b90a79dbb30c80af506784fd44a0515a6b8e7e

Download Submit
memory/2008-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2008-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads