c21b03bec7a6314638a85162059a5ee53c2df60d07089706e4864002a39a77df

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/06/2024, 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
Size

70KB
MD5

886effe70b5dca28ced14cb2c5ee3720
SHA1

5f1c099a726cfdc4439ca61800bddbe4c4fb53f0
SHA256

c21b03bec7a6314638a85162059a5ee53c2df60d07089706e4864002a39a77df
SHA512

052b0e5a73258693d38c6214745f2ec66f8edaf7bd0f179010294f4ed4cef89b94d76246ab1f6040c2ce18b2c2c204e8786a8603dd42897742454cc25a12611a
SSDEEP

1536:a7ZyqaFAlsr1++PJHJXFAIuZAIuoJIFH4JIFH4:enaym3AIuZAIuE

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3442) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2176-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x00070000000122cd-2.dat	upx
behavioral1/files/0x000200000001048b-6.dat	upx
behavioral1/memory/2176-646-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net_1.2.200.v20140124-2013.jar.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\tnameserv.exe.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradient_plugin.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\weather.js.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\local_policy.jar.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belize.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\librotate_plugin.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro_5.5.0.165303.jar.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_ja_4.4.0.v20140623020002.jar.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\java.security.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\blank.jtp.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\library.js.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.css.sac_1.3.1.v200903091627.jar.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-templates.jar.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Chagos.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\toc.xml.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Printing.resources.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\1px.gif.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Gambier.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Client.resources.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\Common.fxh.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\vlc.mo.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\mpvis.DLL.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mousedown.png.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\MET.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-lib-uihandler.xml.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libqsv_plugin.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\gadget.xml.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.change_2.10.0.v20140901-1043.jar.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_orange.png.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\picturePuzzle.html.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Speech.resources.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuvp_plugin.dll.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\picturePuzzle.css.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\highDpiImageSwap.js.tmp	886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\886effe70b5dca28ced14cb2c5ee3720_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
70KB

MD5
a4582fc233b8da942b9f141ff554c4a0

SHA1
a08208057046f3c8c1c37f49612782d2cb09f783

SHA256
f0865d9dd3061fa484ce6d6c897aa8758cee4297aebe3db6c0e45f9735d7da11

SHA512
30a064ad47f863f3b1dc358191402d61e7304c268f74276c46057aa70550ba7530c6ad0640493799aab8c987a4fd75d70f9a0f2041c6cf6a6d3a94984a1b9077

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
79KB

MD5
fe9a6d373b3b585718f179168da1cbfa

SHA1
00a05034c51b63272b3f4db4cb7b6c882f10a07d

SHA256
c77bff679a3374556490856b3619965a880f8cc99d665900bbbd6c1b830f2fd3

SHA512
a8ad57b0aaac6ee8f4180f2ff06ec65251c2e42a3f9d64f0f69cb44c9ba86412be97559f3cd7df34cdee0aba182c79c6b1d381dd08a15952ae3195dcd528cd79

Download Submit
memory/2176-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2176-646-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads