3f9dea027b9cd19d79e18b8bc9b3a189577dee6a40c72612015591e40faf439c

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/06/2024, 12:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
Size

1.1MB
MD5

3ad2f8010842c92b62371b8d425dfbd0
SHA1

b42c95243c804769b14a4b6fec148e8f43719b09
SHA256

3f9dea027b9cd19d79e18b8bc9b3a189577dee6a40c72612015591e40faf439c
SHA512

02aa70f21e3c5beee7ef093f3b9c8941283ec2b3ffccc92812e7a60ca1008228b1f9da7edbed10f47fdb6b23b99ff7740db3d78d40761a99c82876b34d6a0819
SSDEEP

12288:VQthsUsWU9BUxM3AZEAYBaSYdyI2jsBCMDYBxHNsE:VIDU9BUxMQgaSYdyI2QBCMDYHHNsE

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (995) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2992-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b000000014e5a-2.dat	upx
behavioral1/files/0x00020000000106dd-6.dat	upx
behavioral1/memory/2992-184-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxwebkit.dll.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\F12.dll.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Phoenix.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\jsdebuggeride.dll.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\zipfs.jar.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Moncton.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Singapore.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.tmp	3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3ad2f8010842c92b62371b8d425dfbd0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
1.1MB

MD5
774c98d4240dadb365d183bf372c7218

SHA1
694affca8d2939d0b63ac2095cafc56d9e1a9005

SHA256
0978efa8e4b73e89d565946e5dfb4e88262c91f3c22a232b3d93b7c942e77be9

SHA512
8e057e061fb5f580ad221cfb91142a53c80f0dfe653fddc41e672eeb758b9c4b000b44010fa59a8824fd463f1ff758c04b09aab1172c2c9e43237d2ad6587df9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
1.1MB

MD5
2936f65c9f58a79d8e0e1823eba0e1ba

SHA1
dc97b24fb131cd97a0aa9839dd020e6fc2dc5886

SHA256
808104df4031b97bb273ef2d832f4647e84690837180d8acabcb061214c199a0

SHA512
5b019859272f355613092c786fe612ab3c4510d6575a112f22cc0ebbc857905a286836e9eabf35eef87856a6473871eb501f0575b715c4aebcadaa9a249691a5

Download Submit
memory/2992-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2992-184-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads