735ba045a2d19e360323a7a34f97aeb7d8fadddc8f99057fdf0cc7914abe9d1c

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 11:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
Size

1.1MB
MD5

52d5cd572b25eba24a149afaae363d30
SHA1

e1cabcbf0c8c1ff445ac1d0a253cc0f8f494deb7
SHA256

735ba045a2d19e360323a7a34f97aeb7d8fadddc8f99057fdf0cc7914abe9d1c
SHA512

4f49e76abe8d795ad8e371dde4fa2b396efdbf2f9e4f272a12b45f5e94758ab0d62b80f72b5791e0a8f041060c21a1e8b5d5ae975cf39d11368165c8ab5c8637
SSDEEP

12288:IAIuZAIuOBgyO0kdH3B6yhiLzi+QqTHjfFANj0Ow3wU:NBgKaS3wU

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (838) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1664-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b0000000144e0-2.dat	upx
behavioral1/files/0x00030000000104b4-6.dat	upx
behavioral1/memory/1664-176-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayenne.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_shmem.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Panama.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\fieldswitch.ax.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Merida.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsdt.dll.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy.jar.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansDemiBold.ttf.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson_Creek.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\AssertUninstall.csv.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey.tmp	52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\52d5cd572b25eba24a149afaae363d30_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
1.1MB

MD5
786b6370b62fb8bf46739d62686fb020

SHA1
2ddf475d0df2f6bc64c8c0bb3d98dd22a47d9dd5

SHA256
3cda1b3f0a711e9ff6bce2394d4a0e060b96227abfbda9bff402a5a157df8fa7

SHA512
8f3189f1590e5ada3f70332f06b74ec16008bc01dd581b5b2e3457b35c130bfcb9cc27b0597b90624e7379284669bdddcf0927c26496dbc39da5e0714e2ed975

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
1.1MB

MD5
32c191f6a18773812df3238e3dbfc8c0

SHA1
9024a2bb5fd8cfedfe38a757cda9ce0e76ce4912

SHA256
a9b9484ab60d88d4ddd55da77cce55dca196089db1385774c11f55b857d255bc

SHA512
a09d5685d27db068d64a48760afa7db1bd22ff5c8819707bfd85f62bb14036f37c156e477476725cdc5e7bdbf3a81f7c40ca5e0b937224979cef566396caf9cb

Download Submit
memory/1664-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1664-176-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads