ff0ae3321c28359807796f67d66de3e52eb11c8eb5acc3025b49fea61e175a88

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 05:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
Size

68KB
MD5

33bd7896adf77575f99f1602b4374d20
SHA1

ffb15a5ef4c2b1c0701e0b382a181cb4d74c774d
SHA256

ff0ae3321c28359807796f67d66de3e52eb11c8eb5acc3025b49fea61e175a88
SHA512

a4cdf383eb6f1b5a6ecb6eea748cc3cd1f5272ca8dee49fe199c4e97706477a1ac5af7fde250f2143f8f0651251bb6b83d6009d9c41a5bba7629af1761d165ff
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZISWh7SWhGC6CP:+nyi/SWh7SWhG5s

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (1025) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2240-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000d0000000122d1-2.dat	upx
behavioral1/files/0x0002000000010481-6.dat	upx
behavioral1/memory/2240-74-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jayapura.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-3.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\MSTTSLoc.dll.mui.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bishkek.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Minsk.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belize.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qatar.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightItalic.ttf.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\COPYRIGHT.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\33bd7896adf77575f99f1602b4374d20_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
68KB

MD5
3d05fec66f80bb419028c6278d9faf8e

SHA1
0b7310a877fe0ecbda15f1fe9ffe3221f81d3e06

SHA256
8b3e595285c9651eabfefc2da4a939277e1d06c9ae52a03cfc8ffe54b5f9e1c1

SHA512
e2cf3682a1d8d044b04012e178f6b263b6c0f20db695462a94d639981e351e63370727324f6e11216296543accd8d56a03477964bd78da85fbfa98feb3f9956c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
77KB

MD5
9d1098196ec39464dd8be85f6ec47a79

SHA1
f44d3ce4072fc636452bc87206239dff5a23846d

SHA256
3cbf9f21ed51234bae44a8d43bca9a49c9c83bd9591639bb8d257815d025a443

SHA512
c8aef48d912eff49cb4d1e73e774fcbb2d7a7e1175601d7f6a22a4cad5b7a05a27b71f132e9865c035dd6030292aa117b184a4b7ac2b61ea7d1f53f0bccea1f3

Download Submit
memory/2240-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2240-74-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads