1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 00:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
Size

115KB
MD5

499b144146316f8fc1cd6a7563d34480
SHA1

2eb9a58a6221c991117d076c4b0f19b35f9309c2
SHA256

1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf
SHA512

ade49ba82d633e5691f485cce7ac77df1a447be406153fc51d20a0294aa668b8bffa97c15841dfb8359b306ed0a04cdd1b7afe162f43cdabf10352bfc6ee69fc
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8iTWn1++PJHJXA/OsIZfzc3/Q8b:fnyiQSodQSow

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3438) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2220-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c000000013a88-2.dat	upx
behavioral1/files/0x0002000000010679-6.dat	upx
behavioral1/memory/2220-648-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-views.xml.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\wabimp.dll.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jsse.jar.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yerevan.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository_2.3.0.v20131211-1531.jar.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.win32.x86_64_1.0.100.v20130327-1442.jar.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views_3.7.0.v20140408-0703.jar.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Martinique.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\servertool.exe.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\fr-FR\Sidebar.exe.mui.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Casablanca.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\MSOERES.dll.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jayapura.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\vlc.mo.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libripple_plugin.dll.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic_5.5.0.165303.jar.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\RenameSkip.pcx.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\vlc.mo.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\oeimport.dll.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_ja.jar.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_chromecast_plugin.dll.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\uninstall.exe.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\cpu.html.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\es-ES\Solitaire.exe.mui.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\common.luac.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_ja.jar.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.ja_5.5.0.165303.jar.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64_3.103.1.v20140903-1947.jar.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sampler.xml.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClient.resources.dll.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_h.png.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JAWTAccessBridge-64.dll.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_ja_4.4.0.v20140623020002.jar.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi_3.10.1.v20140909-1633.jar.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1ea98c7c9df80443ce1e350efa89e88c583d7218ad402bc452f4fbb27ffe9bbf_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
115KB

MD5
b3f1828bb132d64823ceab9004a32b6a

SHA1
ab0d0f1aeadfcacabfa8e3ef41273e4bf892afd2

SHA256
4cff5d154172a534123741e7d2829e9c8801551ed2a567cc61420fafb81d5117

SHA512
45a3a6f458e4e41728d24265c522f451cb02628e46415db23d620c48de8a47a9291a975532964af664695302bb90c6ceb0766c23ca7daf7c22e979564c83327e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
124KB

MD5
a5c906a537963c15d3c4bc07cbad970e

SHA1
3759abf960f116e06094d69183722f066fb1a8fb

SHA256
478dd82d95a438f6604ee807e7ce1a3eea824bec0bd9e6abc36f3e84e8dd7e22

SHA512
df2dbcf97b2cb442b0bef9f73d56440ce45614bce432bd4df62d7de691687268eae5b5bb608a5a020f89861829406097982aae6728919388370becb11205903c

Download Submit
memory/2220-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2220-648-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads