073298d584e950071b4c828748f6e710b7a4f58f56e22a6ca9fe69a2ff0320b7

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31-05-2024 02:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
Size

47KB
MD5

73e9736675673bd03d031e1ab0f432b0
SHA1

6f853bf049dec4ae02500cbabd49f2a3878a67bf
SHA256

073298d584e950071b4c828748f6e710b7a4f58f56e22a6ca9fe69a2ff0320b7
SHA512

85aee2842ddb61e432103ae09d2e0445c29b9406b88cc256fca1f2f4e276b1a1f2de1079aa43522e795938fcd7c50b00157a0dd3f9fa877d62d0d658b94f2a8f
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFz7:CTWn1++PJHJXA/OsIZfzc3/Q8zOU

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3668) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2100-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b000000013420-2.dat	upx
behavioral1/files/0x0002000000010674-6.dat	upx
behavioral1/memory/2100-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwasapi_plugin.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\33.png.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-spi-quicksearch.xml.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_ja.jar.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.filesystem_1.4.100.v20140514-1614.jar.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-awt.xml.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\js\RSSFeeds.js.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser_5.5.0.165303.jar.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Linq.Resources.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\js\cpu.js.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)greenStateIcon.png.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.util_8.1.14.v20131031.jar.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtimecode_plugin.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\weblink.api.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa37.hyp.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_ja_4.4.0.v20140623020002.jar.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Oslo.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\mozavutil.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaddonsfsstorage_plugin.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\librotate_plugin.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_pressed.png.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_all.gif.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\clock.js.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-hot.png.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.attach_5.5.0.165303.jar.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring.xml.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\local_policy.jar.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_ja_4.4.0.v20140623020002.jar.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\deployJava1.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Linq.Resources.dll.tmp	73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\73e9736675673bd03d031e1ab0f432b0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
47KB

MD5
d90755662ac33a50e6dbf451534c860e

SHA1
2582722a9b54290888f5b2efdc0503e4a76a19db

SHA256
d4987da4756f8c08dfbebeea380d55b202196dab7e3c0b4928378eb45dbb3b47

SHA512
edc9c8ed94c3ed9e4171b194903f7ed6d17085eb1ebb02e5f002c5c05367f2a23d64f2538689b56f491c9c4af9b63e984162ac67fd9f2020a18082a1d1f406d8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
56KB

MD5
92aadd385cc565345802ad2670414095

SHA1
a2313bd918604a6b4b368b19d33e578313f24d1f

SHA256
3b8718c714a6a669d68403c53addb1593a2041698acac131c4e87ef89b7da4f7

SHA512
15ee0090384face39c693cf7d3ab8bcb5cf7437cf73c0bb1829a50565c0aebffb3c420b5de75c6670f1b05a8f99094bec1a9c5490290762ed2bdb9ed2133d441

Download Submit
memory/2100-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2100-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads