df4c03eeb4f5f7b5ecab7fbc288575a51f8a5d1b10f9952d728bc036674ff188

Analysis

max time kernel
135s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
06-06-2024 09:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
Size

258KB
MD5

033dae941982d93aaa04dbcc1c7da1b0
SHA1

0958b5c937bb687c99aaa0b71df11ca1956663b2
SHA256

df4c03eeb4f5f7b5ecab7fbc288575a51f8a5d1b10f9952d728bc036674ff188
SHA512

debf2bc6c1b40592256afcfcf026d07666621d4f42d79760341cf4f25aaf8f4a3e5512c794d33445e60ad16cf28093a514cd9171f3516cb315cdae172ea6ceba
SSDEEP

3072:fnymCAIuZAIuYSMjoqtMHfhflixiBfAIuZAIuYSMjoqtMHfhflixip:KmCAIuZAIuDMVtM/rfAIuZAIuDMVtM/j

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (2720) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1264-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0010000000012272-2.dat	upx
behavioral1/files/0x00020000000104db-6.dat	upx
behavioral1/memory/1264-514-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.runtime_3.10.0.v20140318-2214.jar.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\orb.idl.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-charts.jar.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\accessibility.properties.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Midway.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\splashscreen.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\London.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-3.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Managua.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\java.security.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views_3.7.0.v20140408-0703.jar.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-text.xml.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_ja.jar.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Efate.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-applemenu.xml.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Singapore.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Budapest.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-loaders.jar.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.xml.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_zh_CN.jar.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-awt.xml.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\shvlzm.exe.mui.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Irkutsk.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-io.jar.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\meta-index.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-views.xml.tmp	033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\033dae941982d93aaa04dbcc1c7da1b0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

Filesize
259KB

MD5
0d5983c993dc90dc71b9d80e43de61b1

SHA1
33cefe48396cba51a1384b4c56fbb4fe1f8a61a7

SHA256
f526eb66b071c96425ab666261df3513d2aa2870a77d4d4a280ac92ec2ce8be3

SHA512
1c9da2c7b41a0f56d8fd795944cc3ab8f370d4617d277c1e0eb286488c9a9853e3901f3be17c11cabd6abd5f5fda2f5ecbc2a8877eb663205d8350f61b0920e1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
268KB

MD5
8b2ed448e7cc0c0d724e2eed7818cea4

SHA1
2326c13fbd8e268b5e34a1b61940f270d9b2264e

SHA256
7ed64ad3d7aa2d853805f47a578db6bacf70337916222d43c89a7a5af369ecae

SHA512
18f81d8303f898a0090a65982674d0296dc22a9c156b362c4f8d954377f65b1c4fc92155328ff47c2b0605dc358a395f28290697f7af5f37261a35481303a996

Download Submit
memory/1264-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1264-514-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads