b0b26d22056c038fd9821fa8f4399932198e8b7b8487584a7ceb43913e3624af

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 09:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
Size

72KB
MD5

d1748a7c11eb896df30b5644f96c072b
SHA1

27e2127ca9a9f95f91b839ede8f6f04f3e276e18
SHA256

b0b26d22056c038fd9821fa8f4399932198e8b7b8487584a7ceb43913e3624af
SHA512

115e3b21ffdda58a8f5519eac18f8325a3ce6b49be251c66526bf85c161b93c2802031ac0d68eb47b79ece2bdb17cbb7753b33d0a0dcc6aa135e982658b9b3db
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsi:+nyiQSohsUsi

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3496) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2884-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x00090000000149f5-2.dat	upx
behavioral1/files/0x001c000000010439-6.dat	upx
behavioral1/memory/2884-636-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\More Games\en-US\MoreGames.dll.mui.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\chkrzm.exe.mui.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.api.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages.properties.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kiev.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_zh_CN.jar.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcroppadd_plugin.dll.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.css.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\de-DE\PurblePlace.exe.mui.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_orange.png.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Nicosia.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\WET.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\librss_plugin.dll.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MsMpRes.dll.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\JNTFiltr.dll.mui.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\gadget.xml.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\js\cpu.js.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\settings.css.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_snow.png.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-io.xml.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy.jar.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jsound.dll.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\nss3.dll.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\es-ES\MpEvMsg.dll.mui.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MpClient.dll.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-queries.xml.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\js\cpu.js.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_bottom.png.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-queries.xml.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\service.js.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\css\settings.css.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\NBMapTIP.dll.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous_partly-cloudy.png.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libheadphone_channel_mixer_plugin.dll.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libmosaic_plugin.dll.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.runtime_3.10.0.v20140318-2214.jar.tmp	d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d1748a7c11eb896df30b5644f96c072b_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
72KB

MD5
eebbd45c20aa362c52b6ef12b7eb1e54

SHA1
551794fb83f21b0642f606b35a2b4d085e282c29

SHA256
17866a944b31a73b798a517f5f52d449c49ae98461106ea3a6b5453520c3c370

SHA512
5bf41c53d6204d1795c2db89d821ed66a889dad12d74bbd1e4a4912d82df54c84dc981bb7df3be548644854f0175679d9de613130a10ce7bc6cb40aa1a9e5010

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
81KB

MD5
df781480bd92f49817133471400a6faa

SHA1
43cec9f95b709f06062100affb42d4ab111a8bf5

SHA256
2f197411f31b9236f9125370a10ed589be16633a634938643c0d1732797c14a6

SHA512
8f7802d9d1967807caa39dc503abd14fb0338ef2a037ab29286c74c72210eb4251b20d0e9e2d0e7ea9ccbbfefd5a81a9cc9d45927b8d58b489fd83e712ad2151

Download Submit
memory/2884-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2884-636-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads