afb198d78e6d177b39ff71f2c996644cfecaf8d4669a2dffd6999e2c22cc0052

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/06/2024, 06:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
Size

76KB
MD5

12b6c5900bdc0a00739f69bf0a41f1d0
SHA1

796c62621c30c88298e81f9f3770d01676b01676
SHA256

afb198d78e6d177b39ff71f2c996644cfecaf8d4669a2dffd6999e2c22cc0052
SHA512

e5cec54f7efc0c846e8cb80ae590dd15e4b6f3a14183da83a888b666ef931fbc3a3e9fde500e73c9bbbff97d99e9313196432ac110d9a8e360822073abf937ce
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8sWh:+nyiQSo3Wh

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3455) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2168-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000e000000014708-2.dat	upx
behavioral1/files/0x000200000001048b-6.dat	upx
behavioral1/memory/2168-652-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libkaraoke_plugin.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnssci.dll.mui.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.exe.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\jaccess.jar.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\More Games\it-IT\MoreGames.dll.mui.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libextract_plugin.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\12.png.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down_BIDI.png.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-io.xml.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Rangoon.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.resources.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\JNTFiltr.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\26.png.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\handsafe.reg.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\settings.html.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Design.Resources.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.properties.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Juneau.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Krasnoyarsk.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_ja.jar.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.ServiceModel.Resources.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\css\cpu.css.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\service.js.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\slideShow.css.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jp2iexp.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_s.png.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\css\slideShow.css.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jfr.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-api.jar.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Godthab.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libadaptive_plugin.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\settings.css.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\logging.properties.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.oracle.jmc.executable.win32.win32.x86_64_5.5.0.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jp2launcher.exe.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Palau.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ndjamena.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\it-IT\MsMpRes.dll.mui.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\cpu.js.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\gadget.xml.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationFramework.resources.dll.tmp	12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\12b6c5900bdc0a00739f69bf0a41f1d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
76KB

MD5
2727918cb49f53048e6f734deaf002cf

SHA1
b0b661d8d0a09b021b2ee7551107e9497e4347fe

SHA256
b9e2db4060fa9fbb38ac4ca1d0cd79b7b6d59635505dca1e1541e81ac86511ad

SHA512
61797655a4497a5ad29e805f2ea195741ae457bb92eeb6ee935360d4d62b6ea3e1c262b83c9c824ef84454044c74522371eb29508b5dac4513fa77320305cf20

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
85KB

MD5
693005152cd91fb87ed01b9c5ad0c6ee

SHA1
18b3627c31317e383ea636569156e6eb479a642a

SHA256
57b1b989454e8fd91fa3fc9453b0cca03c0ae3f54d54195cb7d1ca8602117702

SHA512
3a4a7583602578620240db8d1472b3510db517247dd8a8489110405d36184c61bffaa1b319b9dfb1a68ee5cd370032ad1d4b854509d24232195992a55f778092

Download Submit
memory/2168-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2168-652-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads