2f629d061cd8244c024dd0921fe701e6e9c27a9303b4cc8ac5efb080ed833224

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/05/2024, 22:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
Size

113KB
MD5

49f8da82b4ffd62131e04f27bfd503f0
SHA1

b55802e6f1123440eae10ffabfce6e8f8001a6b5
SHA256

2f629d061cd8244c024dd0921fe701e6e9c27a9303b4cc8ac5efb080ed833224
SHA512

0fe80c0e5e56975bf02837148e4f13b72f775871aa04cd1a17075840557669d6afb1e4b1f58a64b2cda473547a4dc2f95e15e031326e2e6b97dda6466aa5b99b
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsNTWn1++PJHJXA/OsIZfzc3/Q8asZ:+nyiQSohsUspQSohsUsl

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3436) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2792-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000e000000013420-2.dat	upx
behavioral1/files/0x0002000000010674-6.dat	upx
behavioral1/memory/2792-648-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationCore.resources.dll.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Edmonton.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Gaza.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\libGLESv2.dll.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\it-IT\MpAsDesc.dll.mui.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\F12.dll.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\SpiderSolitaire.exe.mui.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\en-US\MpAsDesc.dll.mui.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Memo.jtp.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.smil_1.0.0.v200806040011.jar.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util-lookup.jar.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\hprof.dll.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-javahelp.jar.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.contexts_1.3.100.v20140407-1019.jar.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\ChkrRes.dll.mui.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Almaty.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Windows.Presentation.resources.dll.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sampler.xml.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libattachment_plugin.dll.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\jvm.dll.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\telnet.luac.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libuleaddvaudio_plugin.dll.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwasapi_plugin.dll.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfreeze_plugin.dll.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_ja.jar.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jsse.jar.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.sig.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\MediaReceiverRegistrar.xml.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_ja.jar.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\main.css.tmp	49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\49f8da82b4ffd62131e04f27bfd503f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
113KB

MD5
175b2570ad90fcf5755075a2807751b8

SHA1
d7c0e830047601501492c0a3f2a772a8ddd9f8d7

SHA256
9f8fe261b1286fa25585d9da409921ee23d636764a094e4040c67f8a1d3ff8ca

SHA512
d45ffb4e7aedd145f0dcd0ff2bea6d7f115bbccf5a379b5ee4449418fd55b400c9543a94cccb2d3d0c2f1aef0d26526eca002715ae88db1be7d9417faa22a380

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
122KB

MD5
63e6478a73dccbdf2e10f47a960374e4

SHA1
fc204190ae9a1f58677eb40d330cb5ea6acda9b7

SHA256
3c473373c6fca54f81b88fcbf9fe6d246bbd61dde772b205c7edd7350ba16388

SHA512
cf7b27be033898a7a274f84ad786085afa67557292a3d10418ac6fd38539adbfa427328b05473a0360cff91dad6af420f741094790716bdaaee31092916c7f13

Download Submit
memory/2792-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2792-648-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads