5e7a9028cbcf17d359b081ae891cbbd12aa70a29c1f472b082353e7967823337

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
08-06-2024 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
Size

65KB
MD5

a98d918e4b175e1b94c093741da21e10
SHA1

30318cb908487b0fbd69b31526c765380c65639f
SHA256

5e7a9028cbcf17d359b081ae891cbbd12aa70a29c1f472b082353e7967823337
SHA512

0b6009a202120c32a1ce95fb65f79253bd982993c1f58574482598d2957a4ad3c1bafe7957fdb5f8387172556c68a7ebf3cd528723ca9f8afe3ae5d17d6795c3
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8J:fnyiQSo2

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3521) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1636-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c000000014890-2.dat	upx
behavioral1/files/0x0002000000010679-6.dat	upx
behavioral1/memory/1636-648-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxwebkit.dll.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\charsets.jar.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+1.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-6.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\net.dll.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core.xml.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\settings.html.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Amman.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240389.profile.gz.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\de-DE\Chess.exe.mui.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.resources.dll.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libts_plugin.dll.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_down.png.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Midway.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.sun.el_2.2.0.v201303151357.jar.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mousedown.png.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Eirunepe.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\vlc.mo.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\jnwdui.dll.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-hot.png.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\settings.html.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-coredump.xml.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hong_Kong.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_top.png.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\La_Paz.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Khandyga.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\shvlzm.exe.mui.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\JNTFiltr.dll.mui.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qatar.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\ShvlRes.dll.mui.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\jamendo.luac.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libadummy_plugin.dll.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mexico_City.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEV.DLL.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\common.luac.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\de-DE\TableTextService.dll.mui.tmp	a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a98d918e4b175e1b94c093741da21e10_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
65KB

MD5
710a19f4886ba6762af787f5616ad651

SHA1
c398495b53eb4901ee01b427c87c9a146f82f35d

SHA256
2682bd8dce5ba42c132399fba7f2cc5ef48f4896a7022e60450bf8d3941dbd78

SHA512
a714eb75f379b5fba8533a1b1fba1c575e01805d86cdfa8e6c5643f7d596fb37db116b2cdd4fc41a7d7cb7f39da7ae7c094e6643c31b8367738dbcc0fc961eca

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
74KB

MD5
6ec275029d09c1d965e9e92d9a6a6af7

SHA1
74d0ebae2ce12b973b7d7b04027e3a0db98543a7

SHA256
0a46372253873d9c04e01ad53e3a20e0468b63f137770fbf219352913b8478dd

SHA512
0867053ba0c4fd74a494921583208d23bffc1b2dcb0a99e900484b71971d1665cb250c311355c1590223e747935d7c92c2b92b49574f60ee38fdf18859282872

Download Submit
memory/1636-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1636-648-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads