1e92727ba99cafd0f658470e2b1a135311039c7e40f4c8e15aad9599d785f59b

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 11:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
Size

45KB
MD5

c16471ae72f7b4e94933aa41cb6ab380
SHA1

2a86fa49133ff677609d77f897cabb99d254a3e7
SHA256

1e92727ba99cafd0f658470e2b1a135311039c7e40f4c8e15aad9599d785f59b
SHA512

d5cd0613287ef0d3394e734788a8d12441c8e37159bb207b77791a9dc74913595d18828e91d19b31ea77126c057c7b019a4a992b95a495e68892891b21e63dfa
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFQA:CTWn1++PJHJXA/OsIZfzc3/Q8Q8/8fTo

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3761) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1660-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b000000014ef8-2.dat	upx
behavioral1/files/0x001c000000010439-6.dat	upx
behavioral1/memory/1660-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\readme.txt.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can129.hsp.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives_1.1.100.v20140523-0116.jar.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\ReachFramework.resources.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libflaschen_plugin.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\es-ES\MpEvMsg.dll.mui.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEDAO.DLL.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\16-on-black.gif.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Algiers.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_dummy_plugin.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\El_Salvador.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui_5.5.0.165303.jar.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7Handle.png.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jp2ssv.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\NamedURLs.HxK.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\ConnectionManager.xml.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\README.HTM.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\21.png.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\css\settings.css.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-attach.jar.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\dependentlibs.list.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\update-settings.ini.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Waitcursor.gif.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_zh_CN.jar.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ja.properties.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\libGLESv2.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new_partly-cloudy.png.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\DESIGNER\MSADDNDR.DLL.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.registry_1.1.300.v20130402-1529.jar.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\StopExport.gif.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\NBMapTIP.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.api.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Macquarie.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\libxml2.dll.tmp	c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c16471ae72f7b4e94933aa41cb6ab380_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
45KB

MD5
cc48d36742067a3be899efdc37b31d5a

SHA1
77a1ef030117e7487469784c64fdc69ab89ef5ed

SHA256
691cf22c100dcf50c91a457ea7ccd3e43e9a2baad7fa385f0a593e56652a0104

SHA512
2562bfcc867bb6469107faa084b4dc37f724c7f5251e9b3b8181fbe069d9b36b6a333a6bfce61d178884530241ae6c487721c35fce18d3878d4b763b357019b1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
54KB

MD5
a3a6ecd6f2076b5d11fdd78bfeee4842

SHA1
883cd1f6e14bde38d986e0e2dc98f2cfce16ae1f

SHA256
230c606141c462f9dcf0be32f57c58be691dd884c1191b0fa90ba968003b6e38

SHA512
d7bbc390aca3768cc7622acd0af2d7f84d15d1c4514105e6cb0aa8d8c175c69db627261e543a9077f06c7223b5f12dc26a213cf526a51372078528d54b43937b

Download Submit
memory/1660-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1660-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads