d0246b58ebf626f4c6ddec31f2df476954c75a9b79d210b660b309f1573320cb

Analysis

max time kernel
136s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-06-2024 04:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
Size

77KB
MD5

10039811490983eba9514f58b5c4b5b0
SHA1

8045d9030bb06f435b2a29e02efd6faa18e92f25
SHA256

d0246b58ebf626f4c6ddec31f2df476954c75a9b79d210b660b309f1573320cb
SHA512

8c96c736634a824e325da9f8e5f9b56ce237757f8380117528fe9591e4443336406a88dc3a061e08ed1164aa8284119f89e65858011be60f931c8676cbf3c01a
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8xJJMJJ7:+nyiQSo1

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3447) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3056-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c0000000144e4-2.dat	upx
behavioral1/files/0x000200000001048b-6.dat	upx
behavioral1/memory/3056-658-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Midway.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_zh_CN.jar.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jfr.dll.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.password.template.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libsepia_plugin.dll.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sa.xml.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libglspectrum_plugin.dll.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\JNTFiltr.dll.mui.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Resources.dll.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libsubtitle_plugin.dll.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Amsterdam.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\freebl3.dll.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaddonsfsstorage_plugin.dll.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\mc.jar.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\javafx-iio.dll.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\ReachFramework.resources.dll.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libx26410b_plugin.dll.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-options.xml_hidden.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libvhs_plugin.dll.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClientsideProviders.resources.dll.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationFramework.resources.dll.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Windows.Presentation.resources.dll.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.ja_5.5.0.165303.jar.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\vlc.mo.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgzm.exe.mui.tmp	10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\10039811490983eba9514f58b5c4b5b0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
77KB

MD5
e5e8491d572587a4e869527c09d245b8

SHA1
8661689c0236500b7f7c2d9214dfc43c763c73db

SHA256
c36188a2954e25bc685eba40f738845a6d0969f5b0b6a830466b265621ec8a04

SHA512
b84d5af0a0eb52cbac887e6db3bf5ddf95ea699bcf0357701f580fec020d69095b4e90614e3a3b497747deffde2761517fd7cd70dcbef8bec78e3818664c0ec3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
86KB

MD5
d5e68895bc013fd62ece162bfba0b97a

SHA1
e6dc0a49e262f6bf1dd03b6eb8d209b6685f80a5

SHA256
19eb0c1d104eff680165ca2b6189e854e5f09a71478ade8cce2eb79eca212b29

SHA512
393846b797d69f5c9ca0584c0fb2bd9a0cd3198dae943eef1805419c117357ab357cb7bb1caa13bec0ee9fb4be9679a42c7b64679d7508d9b28500b72e9d0d0c

Download Submit
memory/3056-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3056-658-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads