eafee3fd0dd98a9113a71807aa25e5468d3a15e012cb8a988c6d1fb2eb827a48

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
14-06-2024 09:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
Size

89KB
MD5

b6127ac6c5c7e1b71d152075bfe8d3d0
SHA1

bd05e884fae0d6770899ceabe1092277b8ac911c
SHA256

eafee3fd0dd98a9113a71807aa25e5468d3a15e012cb8a988c6d1fb2eb827a48
SHA512

43f00f160b2fa9a6bbcf8a08b3c1b968fa333c113057d16d6e281e9684cb7839639e7394de2ed7828eb206ef09299734ce941173ff2f894d4896e02a850346bc
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2IA:fnyiQSohsUsWU9BK3A

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3477) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2092-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000500000000b309-2.dat	upx
behavioral1/files/0x0003000000010440-6.dat	upx
behavioral1/memory/2092-648-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\settings.css.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\wsdetect.dll.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsdp_plugin.dll.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tallinn.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\vlc.mo.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core.xml.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\currency.js.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\en-US\Sidebar.exe.mui.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_orange.png.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Chagos.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-heapdump.jar.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\settings.html.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent.png.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_ja_4.4.0.v20140623020002.jar.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_ja.jar.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_h.png.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)greenStateIcon.png.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\23.png.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.zh_CN_5.5.0.165303.jar.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\service.js.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\uninstall.exe.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Stockholm.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\orb.idl.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\de-DE\Minesweeper.exe.mui.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libsubtitle_plugin.dll.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Esl\AiodLite.dll.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-1.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\WindowsAccessBridge-64.dll.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_extractor\libarchive_plugin.dll.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_zh_4.4.0.v20140623020002.jar.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\vlc.mo.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\weather.html.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-util.xml.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-actions.jar.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\localizedSettings.css.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.tmp	b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

Filesize
90KB

MD5
ce4b3c3e1052d1e808036fbc9d1f7677

SHA1
85a3cd376492271aa26419b85be778bf06fba536

SHA256
5a91c62329889803a3391082b11541321cbbce89649ba021618e17727fc3ff82

SHA512
a4e90484368ae9ca4073c7f94d6bd01d4800a78725df45441ac13d58c8761fb9ed8e0645d645c0aaa449d7e72f7ac2f06311fad7b753c5681d9f1755f5a3a6da

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
99KB

MD5
36596de9fc47097eecba6ef3015da1fc

SHA1
1efd082725ffba43800f16a4febed1d596a3f389

SHA256
09609c88ea861191785f850eb1aa7260ef63200357429a6d6c3c786c95e57bce

SHA512
f620828a0d5f8d43449d1c3c1417de57a29a78dfb0923685d769604a93f8873eefb765bbbeaba12eb158f0bcc1986e0aad5c29c4947e3c58a57fb8e1927eb7e0

Download Submit
memory/2092-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2092-648-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads