70e3818a4116f3331309b0d68ba96e49ad7e1fcca92108868a8ca75a550da205

Analysis

max time kernel
148s
max time network
126s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
12/06/2024, 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
Size

141KB
MD5

4243e5696edb792c191c52cddd267f60
SHA1

4ff65d112a13d819254f493cae325c06fc673d74
SHA256

70e3818a4116f3331309b0d68ba96e49ad7e1fcca92108868a8ca75a550da205
SHA512

dc63d5f795b973f353a10225a4460945f771e4174fb8f73aa1e68e17241e124f52af80878fd356a92f3c07632913195a85665707a77c5a46210b694204836a42
SSDEEP

3072:fnyiQSohsUsxe+erZs1o8k1o8cQSohsUsxe+erZs1o8k1o8i:KiQSohsUsxe+e0QSohsUsxe+e6

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (514) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2268-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000d000000013a84-2.dat	upx
behavioral1/files/0x000200000001047e-6.dat	upx
behavioral1/memory/2268-68-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveAnother.png.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Resources.dll.mui.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp	4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4243e5696edb792c191c52cddd267f60_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

Filesize
141KB

MD5
7bf34b3c9789047c08a341cf4134cac9

SHA1
2cd6cdb740d07c493dd33621c7ec9bb8e8ebc682

SHA256
82a25c5e582e89a3ba58fe30bc803af55e20a84e49815204700137688d571a48

SHA512
bec9b079503183647de78b941772ddb399c8fe18c2194c41fd0cbbdac2285e307475aa3184ee0d70414f5546d43c6e92a6aba0c745ea2ede92fa660f31d38540

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
150KB

MD5
e2a1311f802fedfed1463ff66419662c

SHA1
ba3566df0db88d1f93fa32d58794f75ee072d1f9

SHA256
17ec4d6355bab1f10fe90863b24cb27bf617837ed0984b74a751196443f4def8

SHA512
4616784ffd48a7a5083f7f87c7d4cf6506a9f2fc3c2835aeab2b0ce2ad528488ee8e971bb542f04fd466c01c86e99a690a6094697aa43c5e043c57e30aa632e7

Download Submit
memory/2268-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2268-68-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads