36db6832b3b54a79d5f74aca36f097e053f89609f8b6e808dc149a7b0751826a

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/06/2024, 14:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
Size

82KB
MD5

825a1fb4cbedb3f98ab245eba3a2e770
SHA1

78840c276bcfb6c8132d528e1f23e3cb94ca14b4
SHA256

36db6832b3b54a79d5f74aca36f097e053f89609f8b6e808dc149a7b0751826a
SHA512

c181d70314531320372eae4e3ed428c51cb8ab150f092656606b4bf78335a13e88611e3678abfe45c1d8fff7af04f244feee6825e49c5af1707ca4f8f2baa572
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsJO5:fnyiQSohsUsk

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3547) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/868-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c0000000136fc-2.dat	upx
behavioral1/files/0x00020000000106dd-6.dat	upx
behavioral1/memory/868-658-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\css\cpu.css.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\settings.html.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-loaders.xml.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.resources.dll.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPDMC.exe.mui.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\PhotoBase.dll.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single.png.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnoseek_plugin.dll.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libfingerprinter_plugin.dll.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnetwk.exe.mui.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\clock.js.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rio_Branco.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sa.xml.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\sound.properties.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Salta.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\en-US\Mahjong.exe.mui.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\Chkr.dll.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libafile_plugin.dll.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.contexts_1.3.100.v20140407-1019.jar.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\es-ES\Sidebar.exe.mui.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\gadget.xml.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\settings.html.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\t2k.dll.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libudp_plugin.dll.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Selectors.Resources.dll.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\ReachFramework.resources.dll.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\JSByteCodeWin.bin.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_zh_4.4.0.v20140623020002.jar.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\server\jvm.dll.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_avi_plugin.dll.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_disabled.png.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotiondetect_plugin.dll.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_hover.png.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp.tmp	825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\825a1fb4cbedb3f98ab245eba3a2e770_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
82KB

MD5
da60b0ede52858cb3ce137572eb5b6dc

SHA1
cf515b9fde67df76ff9fb5b889032f787b51e735

SHA256
b10f3ba77cc9d9ea6a86a457ed98285ec7ba7da8bda23a10eea1a6ad4c3e5f78

SHA512
92afa5fc851f6f166e4eab105b22fd1efd5d6c49b3401251fa1e4a06383ac0501d9160ebc10703e2bb0019ed5e7deb3096bd4d26d0451d5bb614a2c82022eccb

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
91KB

MD5
8862d4b5ffd70449aac2dd1b85e6684b

SHA1
91611f20863b3813110b063ba7501c66e3d0d39c

SHA256
6fe3e758bb05311d7d8f56de0e463bd1eee249ea8ff46d9db867615aff8be4a9

SHA512
f340b96706f8634497b1d97f31ca814a7d7140ecbe24922a7f5e76008bbca7b44376ea25273f765e7cda08919ab34bc639ce8899155316f32b9be8f047ae0201

Download Submit
memory/868-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/868-658-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads