2e2eaf1cf52717b6574566023efd9c875532160942973fa3e720933c74617cd7

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-05-2024 16:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
Size

117KB
MD5

e44cff39a72301b9c467bc6d5aa104a0
SHA1

0b6c23a001d85ce1c5b1f0afa4552238ab1985e0
SHA256

2e2eaf1cf52717b6574566023efd9c875532160942973fa3e720933c74617cd7
SHA512

c920eb7f5013b7b11922f864df69bf14df99411bf0728f5bbedcbf8c31bcadf80e4086762513cfc4d745cb197a7b87c5be94862e878a1a74f84cb831b82a392d
SSDEEP

3072:hfAIuZAIuYSMjoqtMHfhfkrVa5zYrVa5za:hfAIuZAIuDMVtM/4yCya

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (487) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2244-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x00090000000143d1-2.dat	upx
behavioral1/files/0x0002000000010481-6.dat	upx
behavioral1/memory/2244-26-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsTap.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\perf_nt.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java_crw_demo.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\COPYRIGHT.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\CompleteSend.pptx.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e44cff39a72301b9c467bc6d5aa104a0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
117KB

MD5
20a2134b92740e372effe74e6196fc9b

SHA1
472aaeca90406acfee6d69f04491de2b419b63d8

SHA256
928484d43ba59b641771ec84759c5be7d7c7c1aabba9443133b3c079a3f083fd

SHA512
863ad37e0e8e1054dd90662ecd110904428d335e4f59faa76984e3202f53bce90c6b3768e094c9ad411dfac2bee4fc1fea0496b9c973038f31f9f12205c6b42b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
126KB

MD5
a423b9fb665d7792b467c090714f84fa

SHA1
5bfe44d544ba1cd3aed9977b57b2c02e216364c3

SHA256
903aa05c00cee74c1f468876f83ff9f61252fea601511b288c59fc66f72479f7

SHA512
f064fba3c60dcd69a2cc915aef790afa767294f23a0a06a4f564cfb8eb54fa112c317acdcdc8b0573e5db193cc2810cb9353c5e3d98294980aa8c0c2e047c282

Download Submit
memory/2244-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2244-26-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads