e0f43e6cc4999918588b786764f81e3125cfc1440e3bdf2fbe4e1bab209d99ab

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
03-06-2024 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
Size

113KB
MD5

0aba2c002be94be85a7c18d9ca136a80
SHA1

1b25915db584f0361edb2bbd25e99b7f0a29add1
SHA256

e0f43e6cc4999918588b786764f81e3125cfc1440e3bdf2fbe4e1bab209d99ab
SHA512

0454e0ae369f2f70b2ac8674e383437594fd9fe9fc3e2faa2fbfe9ac4548da8e5191d462a87c5c279e8c0be34b881231701708287ef5f39cb090d3ad915f1110
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfagE:hfAIuZAIuYSMjoqtMHfhfagE

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3184) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2424-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b0000000122ee-2.dat	upx
behavioral1/files/0x000200000001048e-6.dat	upx
behavioral1/memory/2424-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\bin\jp2native.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lindeman.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Paris.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\handsafe.reg.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ct.sym.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.event_1.3.100.v20140115-1647.jar.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yekaterinburg.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.ja_5.5.0.165303.jar.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Recife.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-fallback.jar.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Windows.Presentation.resources.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\instrument.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Marengo.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\icecast.luac.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Grand_Turk.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tegucigalpa.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Seoul.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-actions.xml.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.properties.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Melbourne.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\vlc.mo.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\smtp.jar.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jp2ssv.dll.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_ja.jar.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-7.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\vlc.mo.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\resources.jar.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml.tmp	0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0aba2c002be94be85a7c18d9ca136a80_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
113KB

MD5
2e7330a1565ac474c5e15262f3bfd696

SHA1
d91f0c03114ccec46a3e4bc8074450ef8f5a21c5

SHA256
8174662912f0de95d08e06730e931d19e4a91ef0ad5dfd9bf4650a0a18c5140f

SHA512
6ecc67e8ffa153149112e8fbdaf2fab15008feb8ae61e55d41f3ff38656a8c6b995725c83ec0f04889cbd5da59082c4c0be6df786cc90ebfd6d8eb90d1ced703

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
122KB

MD5
c6fa37cde79ced027f358b64abd40f8f

SHA1
14082bae409897d0331755ecbff12207e585a061

SHA256
8df31bd84738cb45b7bde6324b37010828c6be3879449b236632dcc0b70ba2e9

SHA512
c6b9d79deb519f447e1e64b355cafcdccbb49447754b2aa031207551de15d3e3237156a1a7068167f99351c728482439916807e72885068dc185f304a9493e14

Download Submit
memory/2424-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2424-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads