a10a47ee70804e2668210d93d33ddc345f089139a871c122536de976227ed595

Analysis

max time kernel
130s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/06/2024, 09:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
Size

257KB
MD5

4eb0f755f3786042149297232fc72510
SHA1

2bd6ef8cee238107a14e22008488cfbd5487c9db
SHA256

a10a47ee70804e2668210d93d33ddc345f089139a871c122536de976227ed595
SHA512

ea3ef5cb781b733a37c279ff7f9d779976ad08425793c6a2a4c63bbeecf98cc6f6f9b2ecf3610d80c2170c9ffb62c61425bf5ecc9c1588b17a9dde08a9b297be
SSDEEP

3072:fnymCAIuZAIuYSMjoqtMHfhflixiMfAIuZAIuYSMjoqtMHfhflixiz:KmCAIuZAIuDMVtM/mfAIuZAIuDMVtM/J

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (2708) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2612-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000d000000012350-2.dat	upx
behavioral1/files/0x0002000000010674-6.dat	upx
behavioral1/memory/2612-500-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Cape_Verde.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.el_2.2.0.v201303151357.jar.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.properties.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-awt.jar.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\hprof-16.png.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Salta.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup.jar.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Abidjan.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_fr.properties.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\msdbg2.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia_Banderas.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\shvlzm.exe.mui.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\it-IT\PurblePlace.exe.mui.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxwebkit.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_ja.jar.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\More Games\en-US\MoreGames.dll.mui.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-12.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_zh_4.4.0.v20140623020002.jar.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.server_8.1.14.v20131031.jar.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.dll.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Monrovia.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\server\classes.jsa.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgzm.exe.mui.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Menominee.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\leftnav.gif.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jfxrt.jar.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\es-ES\Mahjong.exe.mui.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\ChkrRes.dll.mui.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.tmp	4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4eb0f755f3786042149297232fc72510_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
257KB

MD5
5c830a64988132e91a4225efb4965662

SHA1
4d6855e2c1285a021aea44e60df50558d1bd6e09

SHA256
751bcbeb837f7f58c68efebc86b3ba69ed3858dd9a6d3a25634a757f6b711dad

SHA512
f6ff84f21122dd2f4a25132d4206ada45e820a66ba2f7f230e2da04dc0b29a0883f73077e3d8d0fcf62dd5dffc7ccaa70078f55a50c4489debf50b66eb0cdc2a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
266KB

MD5
7b96614462eb658c53b7fe5fe0a2377f

SHA1
e7f9b4f4a1c7c52084685a192a85b03650989f70

SHA256
6fdd068f3a39770b912374e63744aac4facc48c43da323bd4012a77014293f4c

SHA512
85cf2ddec7999c3a8cb95014f8a4200c316f739411baa7b8fa009405c536156108f467f608587649804b220a1c9d3b1b64e13dd403938eb06a924bc29b13a081

Download Submit
memory/2612-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2612-500-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads