1b822c4e2d74b889963fc6b92fad2afedafe68fbbd7c3a125b38eac179b84b00

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
27-05-2024 23:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
Size

54KB
MD5

2698cc9509c2394f6344f6e3ff02bc40
SHA1

c473a7303fbc0e715f6d233490aa603c742ba86d
SHA256

1b822c4e2d74b889963fc6b92fad2afedafe68fbbd7c3a125b38eac179b84b00
SHA512

702e1f0007aa5723fe4d9d3d81b4e53ff00cf9502816a646a2e8369163700c90707d88af945262d9133e63e377144814ee449e56a56f76012621ebec3d156d35
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFFg:CTWn1++PJHJXA/OsIZfzc3/Q8yiE

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3691) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1760-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000c00000001226e-2.dat	upx
behavioral1/files/0x000200000001048e-6.dat	upx
behavioral1/memory/1760-80-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_zh_CN.jar.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\avtransport.xml.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\zip.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ho_Chi_Minh.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\settings.html.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Ushuaia.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\updater.ini.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\uninstall.log.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.properties.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kolkata.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\de-DE\gadget.xml.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_down.png.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\dt_socket.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffffff_256x240.png.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\mpvis.dll.mui.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\mpvis.dll.mui.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\css\cpu.css.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\settings.js.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.THD.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.security_8.1.14.v20131031.jar.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\vlc.mo.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\librv32_plugin.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_sml.png.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\triangle.png.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm.api.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can129.hsp.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\SaslPrepProfile_norm_bidi.spp.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.service.exsd.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_On.png.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)greenStateIcon.png.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Puerto_Rico.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mpjpeg_plugin.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradient_plugin.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.tmp	2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2698cc9509c2394f6344f6e3ff02bc40_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
55KB

MD5
7ba107eb1d0e8805ebddddbef0b2fb62

SHA1
b0e4566d45d58e1235f720453050033ae9644ef1

SHA256
cf486a23ae6d231fa306f083cde4f27dd5b68cec9c0965b8bfa7a960f83025db

SHA512
b945a01ff1fdf78c0a82b6d9fdc4f5516ab0901bba6433329d72b09cadaaecf6c494198fd71c4253a2477fbc09a6db86029a2ec3b6f8ac4afb2bd42e107a9eb8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
63KB

MD5
e035bb3f45d6f094773fa303ece2640f

SHA1
34dce4695426db4c4a586138bbe4103f87790fdd

SHA256
3092e155c49b74bd0aec06cd6da9964df6692c76074cdfefd1638079372d2e1c

SHA512
d074f9cf36652178c85252a00aa537c2310a19785a0d60f95ed5cc70a25aa4066b6334517b1f4d90431134b2b3611721180d1371d5c6ef2b7af1a1078fc73ff8

Download Submit
memory/1760-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1760-80-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads