c0109a96ade02667a48ff166a557d7cfeb8062e78bd3d0cd6c906e9c6fa761e3

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 20:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
Size

114KB
MD5

2fbac6a4da5bfb5d106b84c886484bb0
SHA1

2bad989c4915b619f541516db1958f3c2d5a12ce
SHA256

c0109a96ade02667a48ff166a557d7cfeb8062e78bd3d0cd6c906e9c6fa761e3
SHA512

8230d47adcebe575ee58cc8e7e3764ebb7bdb36ef5e1697a9a72c4f434ef563ea17c7a06aeb34746fa0eef3d27077a0ae8dc1e22b07d18d8690419d9075ef428
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfJXM:hfAIuZAIuYSMjoqtMHfhf6

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3441) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2916-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000a000000016813-2.dat	upx
behavioral1/files/0x00030000000104b4-6.dat	upx
behavioral1/memory/2916-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sawindbg.dll.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\de-DE\Mahjong.exe.mui.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Engine.resources.dll.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_dummy_plugin.dll.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_pressed.png.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.zh_CN_5.5.0.165303.jar.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MpCmdRun.exe.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.properties.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Thule.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPSideShowGadget.exe.mui.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\psfontj2d.properties.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Adak.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\chkrzm.exe.mui.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsBase.resources.dll.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Macquarie.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jakarta.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Magadan.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\jnwmon.dll.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_zh_CN.jar.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgzm.exe.mui.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-hot.png.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double.png.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_right.png.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtobe.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\mozavutil.dll.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-loaders.xml.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.mo.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\PhotoViewer.dll.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\vlc.mo.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsdl_image_plugin.dll.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Budapest.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\javaws.jar.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tunis.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Auckland.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPMediaSharing.dll.mui.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm.tmp	2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2fbac6a4da5bfb5d106b84c886484bb0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
114KB

MD5
7176a1bfb8dd4bbb743458237b59dafb

SHA1
b436be6dd953bd8a9a0def6d0ea197ac2db89c4a

SHA256
be02045c676352638c0421442041dc51f5d2c9466b859090f311730d05760d0e

SHA512
54515ee2a192f60fee0673427c2b83504fa9e407415049ee02658dd3be55b7212a95400f7f5f2e89e90184bbaeb8709db97e8fd9bbe7cd1da6cf41fe997f1cea

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
123KB

MD5
f2a09e4b718d297c77b17593ab5a9a25

SHA1
4c9e14ed76d7e463e2f49452146245f5d5c5a1ac

SHA256
1506a1aeab84c1b0823a0b3e54e8d7b934657bb9dda48c80ab0d9acb3e4df193

SHA512
25f4b02f083cb2c077cd0a1e3d9bf448c5b7109c05d10eb4698319e9a4ffa7c7929069bd9255ce80a2de4fd905b2ae3407e517b3bf85c8b8a0151a73c4ac2194

Download Submit
memory/2916-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2916-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads