d314a9008d21921aeb0f8b2e41925ca87b7edb268a8eec6e12c6b055ae633654

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/06/2024, 14:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
Size

82KB
MD5

fc74a00dfc99915d109a5c7117784e10
SHA1

0031270273259f3c2043cc0750adb69c9e727f48
SHA256

d314a9008d21921aeb0f8b2e41925ca87b7edb268a8eec6e12c6b055ae633654
SHA512

2610c281a9f32072e0e9859f441839d393c62eb3d2f91e9fd973a1fb8bbdabbd5904a82168c8e63859c32f5e19eaa5c67e52bb983833a56210f1cd113af360da
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxkqGUBM+PocOQOFPdMRAHAASnnD5D5l:+nyiQSojUBM+PocOQOFPdMRAHAASnnD1

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3542) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1812-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000d00000001232e-2.dat	upx
behavioral1/files/0x00020000000106dd-6.dat	upx
behavioral1/memory/1812-656-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\MET.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.exe.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsdl_image_plugin.dll.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kathmandu.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Costa_Rica.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Manaus.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-3.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\it-IT\Solitaire.exe.mui.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\fr-FR\wordpad.exe.mui.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\settings.html.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\8.png.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup.xml.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dubai.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\README.txt.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_stats_plugin.dll.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Resolute.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\To_Do_List.jtp.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_right.png.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\ReachFramework.resources.dll.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\vlc.mo.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\RSSFeeds.css.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Martinique.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sampler.jar.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmad_plugin.dll.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\currency.html.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\settings.html.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)greenStateIcon.png.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet.jsp_2.2.0.v201112011158.jar.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yakutsk.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6CDT.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague.tmp	fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\fc74a00dfc99915d109a5c7117784e10_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
82KB

MD5
858e62b9493e74a1fc1b1d9b91ea7dc2

SHA1
9a8966c492f003909cd418f376f55911bbca7dd5

SHA256
cafb03608ea6282d2cc0839c14be982dc9a9c15573b9a8b1f1c019db70603910

SHA512
3d537b3661eeaba2c5c077204c465556763812d9cb31866f96d4b3234d08f2ef466fe5e2d2a9d88f1db328aacc00aab09bb60cc9dbb0a0ff3a488273c8cbb6d0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
91KB

MD5
3da227f6e21f51eaece1208ce37b71d3

SHA1
f6783eaab111ce66bd5847027f47cb3ef4fed308

SHA256
d04012094bffe6296f91b608fe80f5a519fae0b63c1875f90a5c473171810c3e

SHA512
460def437e071ac86891a902298aa8c0f10f66e75dc098abb7f9f70e5a49be38838a5ee0e125a0d57f50710ac5be9e6241d645fa8d65170b648682cbbe2c2c54

Download Submit
memory/1812-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1812-656-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads