0b27b9de4c585983ef417a0be1e7db8e0b1c6f05b3be26245bb92479851a9bc4

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/06/2024, 23:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
Size

44KB
MD5

c11a055e172157ffb6d166de28dba530
SHA1

96b697eca98543da4f52657a87b02688e688208c
SHA256

0b27b9de4c585983ef417a0be1e7db8e0b1c6f05b3be26245bb92479851a9bc4
SHA512

2cd6f8cceba8935a04e616bd165a39b9b780068671a31b5b4299b9ce488f40d8161b0d48e0eb49e61bd3f89846e8ea85c7f62020fcfacb869e77558a4e6ef8c1
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAF9f:CTWn1++PJHJXA/OsIZfzc3/Q892y2a

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3718) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2324-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000d0000000139d9-2.dat	upx
behavioral1/files/0x00020000000106dd-6.dat	upx
behavioral1/memory/2324-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-api.xml.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libtransform_plugin.dll.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\currency.js.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_bottom.png.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+4.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jdwp.dll.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\settings.js.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous_partly-cloudy.png.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.ja_5.5.0.165303.jar.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Adak.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Resources.dll.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnscfg.exe.mui.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\cpu.html.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_thunderstorm.png.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Management.Instrumentation.Resources.dll.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatialaudio_plugin.dll.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\ja-JP\MsMpRes.dll.mui.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\setup_wm.exe.mui.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\slideShow.js.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveAnother.png.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\softokn3.dll.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvobsub_plugin.dll.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\it-IT\JNTFiltr.dll.mui.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnssci.dll.mui.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.EPS.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\liveleak.luac.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnoseek_plugin.dll.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_ja_4.4.0.v20140623020002.jar.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\JAWTAccessBridge-64.dll.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.lnk.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ia\LC_MESSAGES\vlc.mo.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\slideShow.html.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\vlc.mo.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\gadget.xml.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssLogo.gif.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\slideShow.css.tmp	c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c11a055e172157ffb6d166de28dba530_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
45KB

MD5
7aae2f8259efb5124e37cb12a68c226f

SHA1
a23e342968607d5e80b4407a18f815185668208c

SHA256
f337c4b713f2c3e355c01b330ab5dcd47349abf03bebe8222da3290e40dee734

SHA512
43b86efe388e9bafc13da238074fa4561ffc7fac701eb087370d21876fdf9d73ae1a4abfef16fcbb6d8160db47ebfeb464c2b47673a87540a683399cc2d7afb6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
54KB

MD5
2ed43d41bb0f288a2d3a80c9232edbd4

SHA1
4ef0369df633f42bb20afb35ccded58eeb00cd0f

SHA256
3a87bdaaaae166713e38917fa44d7de09fd27552fa4c8b882f18902f36ef79e1

SHA512
b3c8e9306de311096d331dc8f03f914e3b82781b2f7337b2c1b7b091e520dc12bc0bbdb9d5b4d684d55d2b9a8ad75bbc6ca458f7424b68ea421b24e01e2df24d

Download Submit
memory/2324-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2324-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads