bc705525039579bb1bef77207c4e1578718a94014d5c36bea8a46170b3c5fd2d

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04/06/2024, 03:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
Size

240KB
MD5

2508cdafe17535d5a7d8bca1d1eefdd0
SHA1

67ea2b730e2133119a9d1f54c94dcbec3fd20e2a
SHA256

bc705525039579bb1bef77207c4e1578718a94014d5c36bea8a46170b3c5fd2d
SHA512

92988900906e87c36d529141b1d2a1711c1fa382432e90d3f793d1815f9e7df0a3ff4e47226ef3e01593138c0f64cd1f4dd4fa5999ed9b9a746a3acdab00c2d1
SSDEEP

3072:fnymCAIuZAIuYSMjoqtMHfhfAfAIuZAIuYSMjoqtMHfhfm:KmCAIuZAIuDMVtM/GfAIuZAIuDMVtM/w

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (2850) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2364-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c0000000141c0-2.dat	upx
behavioral1/files/0x001c000000010439-6.dat	upx
behavioral1/memory/2364-392-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationTypes.resources.dll.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\eclipse.inf.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.xml.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\ChkrRes.dll.mui.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Sydney.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh87.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgRes.dll.mui.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Samara.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsFormsIntegration.resources.dll.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Resources.dll.mui.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Metlakatla.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Norfolk.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClientsideProviders.resources.dll.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\tzmappings.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\ReachFramework.resources.dll.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_ja.jar.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_zh_CN.jar.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.password.template.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Monrovia.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationFramework.resources.dll.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\D3DCompiler_47.dll.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-windows.jar.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClientsideProviders.dll.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_zh_4.4.0.v20140623020002.jar.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_ja.jar.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_ja.jar.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\management.dll.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.png.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glass.dll.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp	2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2508cdafe17535d5a7d8bca1d1eefdd0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
240KB

MD5
0d96ec0029d156cea3eb970ae77bc99e

SHA1
09685e951509683ae6956821c123bc97e8148963

SHA256
f9ea3c1daa928529a26bd1f9eddc765dddf27d5eac40a949d251a5b6bcf212b0

SHA512
2722338ce2854c021baecae3a12cd53169a3e62c3dc8cb28eeca3fc0b71451f66b68a9d0927badf7cde6fa70493aa150cebe83bff0b4034ad122694b6eeed3dd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
249KB

MD5
4c1218f50cb62bbb0fdf6ca6976acbc3

SHA1
dc57ec8a773abcd8e3f321b421bf60ed8cec015a

SHA256
510908bf7a45073b49c8776df70c24d0b396e300af53af27de66602414c7db12

SHA512
1e3dca9ad0729af0192a7a86cb250c1457e8ae6c0d9c4ea1973493aac9dd054c3cd48e9b5cd813c94317cbd4d5cb0d32663ac0c04e91afd3416fbadd8af825ad

Download Submit
memory/2364-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2364-392-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads