6c525e4595f6fdd1152b497a2fbd4948bcfea5f4743b80f20a546c5376bc69d8

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 00:07 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
Size

74KB
MD5

1c36e727c25395afe3a5a2d7d1f6ab30
SHA1

cf89bea4a123fbc0920373d37d22cf914c6c8788
SHA256

6c525e4595f6fdd1152b497a2fbd4948bcfea5f4743b80f20a546c5376bc69d8
SHA512

eb27002bc257fd3afe04e0077a28bec8a3b99ae2277c18c5e7a3b892814db8004be85b084aa40e70a68ea0becdd841ea63a385d68dd8fc1b8b3ef27f1aaa0227
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsWfnf0fB:+nyiQSohsUsWfnf0fB

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3474) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2100-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000d000000012271-2.dat	upx
behavioral1/files/0x000200000001048e-6.dat	upx
behavioral1/memory/2100-650-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.runtime_0.10.0.v201209301036.jar.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\corner.png.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_rainy.png.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1665.dll.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libadummy_plugin.dll.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\WMPDMCCore.dll.mui.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh89.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgRes.dll.mui.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\ShvlRes.dll.mui.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libt140_plugin.dll.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\7.png.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_sv.properties.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Resources.dll.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\settings.css.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent.png.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.zh_CN_5.5.0.165303.jar.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_zh_CN.jar.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Noronha.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libnormvol_plugin.dll.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench_1.1.0.v20140512-1820.jar.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jabswitch.exe.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Matamoros.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\vcruntime140.dll.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\vlc.mo.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_left.png.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-io-ui.xml.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-charts.xml.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\vlc.mo.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-awt-j2se-1.3.2.jar.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_rist_plugin.dll.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotiondetect_plugin.dll.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application.jar.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\gadget.xml.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\init.js.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Volgograd.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ko.properties.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\it-IT\Solitaire.exe.mui.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\picturePuzzle.js.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\flyout.html.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
File created	C:\Program Files\BlockApprove.aif.tmp	1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1c36e727c25395afe3a5a2d7d1f6ab30_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
75KB

MD5
7e1cb7b0e635eed561a603826c2f3932

SHA1
253b90113c6fc4125743e0d49d0360fb22a7d300

SHA256
770690c67815653a20a2db1d003e930b8c6a78126706331cb95860fd86da7cb0

SHA512
7a161b155e3943818449acb3804f6e7308a32d8cac41be0072cd4bf8979bcd41e6111e61fb8280aaaf667ab38d85585a3979b44a0778a4bec3456e859df2b866

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
84KB

MD5
456b7499e8bbcbd4a75f3cf77ec59e26

SHA1
9f0a9ecc387bbc145b305b2d32731b8e5fddd010

SHA256
001d02e57adc2de9bf9b46132637a929f3f3693982f5a01f6d6e04a0cfe6d21b

SHA512
11a87e518f267b3a64d9a365df3fa9ec7666d7f4708eb3fea8bb2880053b0cb880caca9eb06f0b7855f807e1ac952d29984af57e22deba3137bf08679557cf3d

Download Submit
memory/2100-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2100-650-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.