4b3fa85b2e72155c2d09d66f57ea6b3463c36a842e5ac075815c2bb3de248613

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-06-2024 01:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
Size

191KB
MD5

235a96bb51acefab4622ba3eac37eb80
SHA1

7b6d4e180c82bea3f2856750b33c1ca02af209a8
SHA256

4b3fa85b2e72155c2d09d66f57ea6b3463c36a842e5ac075815c2bb3de248613
SHA512

7883bb64bc382ea08878b52e68e6eb59ec3e0038abcb1f6e6525723558683df5c360923f2b8ca8055784dd79b57182f155d16323b5ff5ae3455e18137d2a1b19
SSDEEP

3072:fnyiQSo1EZGtKgZGtK/PgtU1wAIuZAIucSarSa25gbem:KiQSo1EZGtKgZGtK/CAIuZAIucSarSab

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (418) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2896-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000d000000014698-2.dat	upx
behavioral1/files/0x0002000000010481-6.dat	upx
behavioral1/memory/2896-68-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\jsdebuggeride.dll.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\OmdProject.dll.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\COPYRIGHT.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\235a96bb51acefab4622ba3eac37eb80_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
191KB

MD5
7aa5da2339ef9d9aead6d6bd67bc3fcb

SHA1
6dee529f6125eed21c86cb69fd8405660c29a690

SHA256
4c02eff091727101addeaf05b341072826cb1587b54bb0d191d59cdfa9f95447

SHA512
66662bf4fa2fc7db2c055fe0fd336a43dd64097a00a81f5621ef0356f3e7c0148a77b5abc043309c4577cce1f417125c238ac86c85a0e8984241568932823aa4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
200KB

MD5
c395adef6e9d705779066e8eeff6bfd9

SHA1
9d6da81d3b7d99d08d331c043dc6d1f2418304c9

SHA256
187533513fb7fb60d972182d12e3442f6fedc265e6c1d4d953d2213e548590bd

SHA512
0a1710adbde450229f0f2bdf648fb767b10c621a0def05e404b783069f6acdf21a5ca9f38ad78a2a170a3a73f2f0545b054a6b930f630e919a5305fe30da711b

Download Submit
memory/2896-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2896-68-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads