738d0d9c00849118a506d7fdb8723329b7d7c8b06281e20bf9ed94137d26b2b1

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
16/06/2024, 03:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
Size

60KB
MD5

d061593923c8cbdb33cbf4e795d1c9c0
SHA1

0af6b3215131e205f904372fb92f07865721a855
SHA256

738d0d9c00849118a506d7fdb8723329b7d7c8b06281e20bf9ed94137d26b2b1
SHA512

44957d3770d69d55e7dd04e74245c671e717ae1a7f9bdda2ba320ad82939a3447272abf96629dd8e7e1fcaa48efc69b9cfc962497219762aec7a6dc7e5bb8b1e
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8asUsJOLKgyKze+yKzed:KQSohsUsUKfKzWKz4

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3741) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2252-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b000000012272-2.dat	upx
behavioral1/files/0x00020000000104db-6.dat	upx
behavioral1/memory/2252-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_top.png.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\classlist.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Maputo.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\js\calendar.js.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsTap.dll.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.security.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Glace_Bay.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_hover.png.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_es_plugin.dll.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\digest.s.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\es-ES\MpEvMsg.dll.mui.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base_4.0.200.v20141007-2301.jar.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-progress-ui.xml.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\rockbox_fm_presets.luac.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libstereo_widen_plugin.dll.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\InkSeg.dll.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_sv.properties.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libstats_plugin.dll.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MpCmdRun.exe.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-nodes.xml.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libpva_plugin.dll.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpuzzle_plugin.dll.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\cpu.css.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseout.png.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_few-showers.png.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\micaut.dll.mui.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\23.png.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Havana.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsFormsIntegration.resources.dll.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\weather.css.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_thunderstorm.png.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.SYD.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.CMP.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Genko_1.jtp.tmp	d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

Filesize
60KB

MD5
1fa4a1b4ffd86fa104980e7753834971

SHA1
bd710fbb690b7a28abfbe5d3c24ccc7572e4c9d9

SHA256
7fb9ec44fada0f850ecb5cfa51fbd2329f9888f4d5c3985e912db121c10d1e3d

SHA512
73e0fb114c175d198941a6407d51f21e4f7efa8a79663633b7863160be1610daebaf22e3041fadd32c238e004499494b5dd384f6248884e9c089ad3a97ea7ba3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
69KB

MD5
59df0f420553c895f2565baa869d9a91

SHA1
f704e7fd21ec2f34d5955e81c091922fe3cd6550

SHA256
9c60a9e4d3c262cae2235f347f4e2145b197b8d70dd114a3c88f23ce4449536a

SHA512
342c239a72cf5eea123b8c00fe875e56623954c17ff5f2eea60713484723ebec5e93505f4adf025a45c3a5c2db79344ae3ad2af68d99a13fae6ab223e3df8963

Download Submit
memory/2252-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2252-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads