8cdf5fcfd717e40254530c818cd56abe86be7e4bdeb005884ee6d235119438b3

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 18:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
Size

43KB
MD5

c189650468f2f594d83d865a2e77fa90
SHA1

e26fec35ab5b72d5a3754665443c5612ba98a17a
SHA256

8cdf5fcfd717e40254530c818cd56abe86be7e4bdeb005884ee6d235119438b3
SHA512

87a63ab28d59b9e6b166d98669028586f71560ae15b4309d62a2092e79eb54bdfc4a1c59e126880c73ba766437f2b091e3dfe8d421781eb752bf1d24f09817fb
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFae:CTWn1++PJHJXA/OsIZfzc3/Q8asUsp

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3444) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2304-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000c000000013413-2.dat	upx
behavioral1/files/0x0002000000010674-6.dat	upx
behavioral1/memory/2304-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\FreeCell\it-IT\FreeCell.exe.mui.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\vlc.mo.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\wmprph.exe.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_docked.png.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\settings.html.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_hov.png.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Inuvik.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nipigon.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Scoresbysund.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_zh_CN.jar.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.ServiceModel.Resources.dll.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Selectors.Resources.dll.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemuxdump_plugin.dll.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\picturePuzzle.js.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\settings.js.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\vlc.mo.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libsubtitle_plugin.dll.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\settings.html.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\DebugUnpublish.iso.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-util-enumerations.jar.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-hot.png.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.ja_5.5.0.165303.jar.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings_0.10.200.v20140424-2042.jar.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPOlive.png.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Melbourne.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\ChkrRes.dll.mui.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ts_plugin.dll.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Full.png.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_rainy.png.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_win.css.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Danmarkshavn.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jp2iexp.dll.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\splashscreen.dll.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-2.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-annotations-common.xml.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\eula.dll.tmp	c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c189650468f2f594d83d865a2e77fa90_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
44KB

MD5
768fce43a00ae80c3a2480d68f1d1460

SHA1
928b1637cf0bbf43e3794ade4e3fe30a404b49b5

SHA256
b30d87631c1f5ce2de90d3668b5907aed182d2e0d070572b90cf0634bf16214f

SHA512
0b584339799e0277c78fd6cffce0472c23558718980a133ad4205071cc96f096f7334086991a5bf705ac29d12a5d6504b822a0153b3eacaa58df64670054aa06

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
08a1f3a008bc79452a1821a4412d423a

SHA1
627754292e0106da9f9421bab5c09be72749aa10

SHA256
c9db9452cf36b09a6eac555ef96cbf8ab524151bcf5c6d73b1a18d546b031298

SHA512
c09e415824f208b99d289f00de0a4e136e7499eab8d63a2f1eefa241a83cd472eb8ff0598392af610976573ae2d9ef6749a1417f5f388bf113df893d514f200d

Download Submit
memory/2304-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2304-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads