9a2deb36df20e806c070d529f4a0c74610235fcb763b4d80003ec2241b59e81f

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/06/2024, 11:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
Size

60KB
MD5

7d64c9c7d46556d777db3251ccfcdb40
SHA1

534f37e88132579ebb6e8d602fee00776c884663
SHA256

9a2deb36df20e806c070d529f4a0c74610235fcb763b4d80003ec2241b59e81f
SHA512

a814e05d28af7a95759dd591fd9869d9aad8b467f4493138f78015ee5eb2fc1b98cb80d13d9b2495c021f00bdf2edcf6d4db730c07a2285d766191bfb9b072cd
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8yi+y5gfcL5y5gfcLg:KQSoEqeaqeg

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3707) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2364-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000c000000014228-2.dat	upx
behavioral1/files/0x0002000000010674-6.dat	upx
behavioral1/memory/2364-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\gadget.xml.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_zh_CN.jar.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libmosaic_plugin.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ACE.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.runtime_3.10.0.v20140318-2214.jar.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-compat.xml_hidden.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libwave_plugin.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\clock.js.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_ja.jar.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Cairo.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\01_googleimage.luac.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_pitch_plugin.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_chromecast_plugin.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRdIF.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\vlc.mo.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\F12Tools.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.bidi_0.10.0.v20130327-1442.jar.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\libEGL.dll.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\removed-files.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\NBMapTIP.dll.mui.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_ja.jar.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_h.png.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_sent.gif.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar.tmp	7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7d64c9c7d46556d777db3251ccfcdb40_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
60KB

MD5
b198722b2144775992b92d3a69a42054

SHA1
47cfc75402d403683bc2820e53e008d32d8eede7

SHA256
b79ee34a646ff7a1363a1b5f850732814502f1958eb25845dae15b47eda66ef2

SHA512
539a12dcb70ccdd2e662e942edf76670af570468c9213dcc493aa22cc974be8094ec346c252af06770a5fbb9514362de218f272f061097d8da48bb22d9bac2f7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
69KB

MD5
8b24c6c1037d0d87132f3ec4d4beec85

SHA1
32469351d56a66088ff46d9176e4ec64d08e412d

SHA256
810d6e96cd3e0e558eb35270e3cd168aed50c5aac60827f9de9535d7b82f81da

SHA512
9bb1237b6c63898faf75631b6b2de763f9c0c78a48e2065ef23a4e54620f7e22e28e198d589ece42484a48eff394fa9e27a86876f89dfd35db036ca046d77fa3

Download Submit
memory/2364-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2364-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads