d9213386a39881dbb0ea1948759025288361bbd94a54904a5d44d16583265331

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
Size

52KB
MD5

212e84bd7ce6f9d4418bc6d1cc98aa30
SHA1

f50142d9bed4cfacf275cac8412802cc806f2e1c
SHA256

d9213386a39881dbb0ea1948759025288361bbd94a54904a5d44d16583265331
SHA512

d1e70dae33305506f76a2cfdc4c0971422e8e13e42d0f8572195a4bfe237a3b652087ef19aa42dd228597ee70d3ab99dcf56674870eb83a49bdb9f7e6034ab2f
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFFw:CTWn1++PJHJXA/OsIZfzc3/Q8yiM

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3552) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1752-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000c00000001313a-2.dat	upx
behavioral1/files/0x000200000001048b-6.dat	upx
behavioral1/memory/1752-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\js\settings.js.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\psfont.properties.ja.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Wallis.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_sml.png.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color120.jpg.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.jpg.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-progress.jar.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Bucharest.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\ShvlRes.dll.mui.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_right.png.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MpCmdRun.exe.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\activity16v.png.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscene_plugin.dll.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\MediaReceiverRegistrar.xml.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jfxrt.jar.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\VISSHE.DLL.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bishkek.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\init.js.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Macau.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\mpvis.dll.mui.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Luna.dll.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\RSSFeeds.html.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Asuncion.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsFormsIntegration.resources.dll.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\ChkrRes.dll.mui.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\service.js.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-4.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8PDT.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\css\settings.css.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\sonicsptransform.ax.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\flyout.html.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe.sig.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\ChkrRes.dll.mui.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\es-ES\WinMail.exe.mui.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIBUtils.dll.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp	212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\212e84bd7ce6f9d4418bc6d1cc98aa30_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
52KB

MD5
f7a4b513252632b11e10c1dddfebf370

SHA1
a07bea628c9d3b5480fce917fe6e71e7ac98b4fb

SHA256
d2b7a50c52da9c8ace84dde80ed0663aef3186a8f7bcf7ebddc262e4bb77fe59

SHA512
5877d8f1322d70647ab5af73c8dab0e1b5147b2c11ea780d32ae3f6acd1d546e36b17d64742b5edf894b3ce3a00ed11e8d94e6f427dd45618f7206d93ef80d60

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
61KB

MD5
6c81d612aee02c30d4413484035284b1

SHA1
3a865acc2655365429717c1393d99179d1b1778c

SHA256
06b8c0ba5886d7d6864e2c9617fafc3bd30d344caba826d667ac805d879cfb6a

SHA512
2f037a16588169d129b336092e50a04bff52bed049e871325a21289e5804c8b864f505e7bf97914f52d55535ebba3568dc5acb082170c26dba3e97e9729512b4

Download Submit
memory/1752-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1752-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads