8b6369e5e2cd6e56846c2e2166f79352c8451c48f34752140c9d44f628c57077

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30-05-2024 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
Size

43KB
MD5

84334597f7875ef7391eb3e74aa52ad0
SHA1

47ecc7bd306305abf9c46381c924a3f94b3e9367
SHA256

8b6369e5e2cd6e56846c2e2166f79352c8451c48f34752140c9d44f628c57077
SHA512

063187c77b14e0306bb378b8911504dc70cd4a7cacfd0c24470dc489abe6637eb2cd611c22bfa29401f7a4b107af3379c1a0adb3d48ae7e32df3025ea13278f4
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFQ4:CTWn1++PJHJXA/OsIZfzc3/Q8Q8/8v16

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3743) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1920-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000d00000001227e-2.dat	upx
behavioral1/files/0x00020000000104aa-6.dat	upx
behavioral1/memory/1920-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\America\Phoenix.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\ja-JP\TableTextService.dll.mui.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\2.png.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_rainy.png.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vevay.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Darwin.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_zh_4.4.0.v20140623020002.jar.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_ja.jar.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Swift_Current.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\icudt36.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\Microsoft.Ink.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Maceio.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santarem.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-loaders.xml.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdca_plugin.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_rest.png.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\library.js.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.ja_5.5.0.165303.jar.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\librist_plugin.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\drag.png.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\soundcloud.luac.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libvhs_plugin.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmft_plugin.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\gadget.xml.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\js\slideShow.js.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-modules-appui.jar.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\access-bridge-64.jar.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgzm.exe.mui.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.RunTime.Serialization.Resources.dll.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\cpu.html.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\library.js.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\DataMatrix.pmp.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\javafx.policy.tmp	84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\84334597f7875ef7391eb3e74aa52ad0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
44KB

MD5
8a33a722d9e3186ba9fae1d3a5939aa5

SHA1
df7b9dcdd803643910ab6b75edd68a51a6e7b53b

SHA256
6a89998d93ace5c28f3cc094ae7b37186590ebd28da3133eeac9ed5d42e01b4f

SHA512
790eb2b6432e84af30c6556bffafc3b22fac5047bd28b5075160c12bdc12bf34198ddc2b1e4123422d13f58889202a39caa8710a617bfe30a496816202268309

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
53KB

MD5
2b0cee91e1c36b5473e0a33af80cfb71

SHA1
8b3e2adb3fb4b4d9ed5c6fc2ad511c4f8b73f601

SHA256
054eb4cafa8737c836c5a16442734f4e9393e307bb6ba7e62cd92fd32dbf6d78

SHA512
608171ac92f0033c1dac5ffeb65868f196a48737b4224ae0c3c36f1552d42e79bc0e7b1fa3ecc288ea6bd875fc58ab7aa05d40bfbfd977e51dbe7078fd184416

Download Submit
memory/1920-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1920-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads