4e7d7aadfdec06b704810a6038d5e97f09c19fe29b83a07fcc8120ccd6c52365

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/06/2024, 22:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
Size

131KB
MD5

738a26e2132dde35dac548f48d35c280
SHA1

0e1c56c971e05c0f6c41da3cf80d19e2968176b2
SHA256

4e7d7aadfdec06b704810a6038d5e97f09c19fe29b83a07fcc8120ccd6c52365
SHA512

0150bf307a188866169a6f3b477e820032ae3116f39048aba0399ef604a66bff4656e918dc34b94796c8dc87ca13ba050c5af064db9488ad7a7b6c3d102817ab
SSDEEP

3072:fnyiQSot+opbmMS7BSFHQi8bLRCw/UnEllk+kffteA00afFk/cs2/n+Zlomxgr4/:KiQSofp+u

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (690) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1556-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0009000000016c90-2.dat	upx
behavioral1/files/0x0002000000010481-6.dat	upx
behavioral1/memory/1556-74-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\soniccolorconverter.ax.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\F12Resources.dll.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\zip.dll.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\Timeline.dll.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\ConvertEdit.sys.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\Common.fxh.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp	738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\738a26e2132dde35dac548f48d35c280_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
132KB

MD5
1c96a8396264bfccd8461feafcd36856

SHA1
599c20605d55b732cb76dcad9107d55e4aa9f294

SHA256
6a6caf234a07e355f9427f7904528dda83de2dcfc7fe2c1455cb42504d3e496b

SHA512
6f28fa7385c4cd192a20898060e280809c8dbec31bec6ab0ec1d42ed88f8caeaf89040dab3fdd773d38f723a6c902805489405641980114c56917a64b5390175

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
141KB

MD5
99da6f403ed5348b5ba98e380ae2c201

SHA1
7080ed392b61bc62306611de335621b0a8dc7d8b

SHA256
337c04001084b8db3652ef0a2a9471bdd668426d6d50cf76349ad51a92fa3762

SHA512
efbf4cd29177c22db04a67f99e348f8c2aa040fb576cc1615914d8c4680526d7961d4ab02fa058e1475d82221cf6eb65fc2cd6a490e9d9b9eb00d2bd8c79975f

Download Submit
memory/1556-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1556-74-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads