8494da24887d215d9f7dae2825e801479b5a70fdc3e6ca76dccf8f0d875e8213

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
05/06/2024, 09:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
Size

228KB
MD5

4f15a074407c1438a885c3e7bc4e1bf0
SHA1

2efded8a3bad4203a51dc40973742648f4895fbb
SHA256

8494da24887d215d9f7dae2825e801479b5a70fdc3e6ca76dccf8f0d875e8213
SHA512

5f1345a54eac0d187c86a4215e29b9d5c6122a27b139454e499310dc123685b1c2449d2283a73677827a43de2382868fefc035edf44b31c7720624bef2676b4d
SSDEEP

3072:+nyiQSo1EZGtKgZGtK/PgtU1wAIuZAIuYch93g+gfFpsJOfFpsJL:JiQSo1EZGtKgZGtK/CAIuZAIuH3f

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3085) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1796-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000700000001211c-2.dat	upx
behavioral1/files/0x00020000000106a2-6.dat	upx
behavioral1/memory/1796-442-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Edmonton.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Resources.dll.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jvm.hprof.txt.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cambridge_Bay.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-api-visual.xml_hidden.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sitka.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\updater.exe.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Resources.dll.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\vlc.mo.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Menominee.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host.xml.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Maceio.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\youtube.luac.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Monaco.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_ja_4.4.0.v20140623020002.jar.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\perfcore.dll.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Amman.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_ja.jar.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtobe.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_ja.jar.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Amman.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.dll.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\en-US\Chess.exe.mui.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tripoli.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup.jar.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.RunTime.Serialization.Resources.dll.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\New_Skins.url.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\conticon.gif.tmp	4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4f15a074407c1438a885c3e7bc4e1bf0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
228KB

MD5
d1f8772acbfec94f7fd95141806dd614

SHA1
be7805833d88e260d81bb3d149976e65a26518a9

SHA256
7c8a329d16648582a71e1cf178cd850377cc92925e26c1798652180d4bd9fa2d

SHA512
d14c12367edcee61741e6dffb77a81bb571be829fa8bc52b3833a2ae314ceb824bfbaa2b21e4db1dd2b615b74926d47755ea7fba19d0fceccab499607b712db6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
237KB

MD5
783325a5700817a056d33db8b1cd8dd4

SHA1
a6f0bea68373bcbe856f82364557801b17ba231d

SHA256
d64e0bda58fcf8e1e7f5296c43c4d14de6b301af8b67ce2780c66defc3cd9c07

SHA512
1041195bb1ca97358b5f0834b15ba55d39da4c87ab306beef5feb0f9315baeeaa409c4f1379392a477b9c5caf9c0c038f08b4d52f2173121e42444ea2c3b3241

Download Submit
memory/1796-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1796-442-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads