2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 03:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
Size

171KB
MD5

9d58798895cb10b36df51ad705884990
SHA1

3f4e830e8528ab9d88db7c95f2149137b66a68af
SHA256

2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6
SHA512

0c54e1e3002d12070bbd50c6462a4ddc74e39a87168bfecb60cc499841ab935ed740119367a76cacb48f5525456079f1dfb2793f2d76c1d4b92d494cdf51f392
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q89r2NpJYHdjotnE+WRkAlUrk6Y:fnyiQSofPOdjotAR2rk6Y

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3407) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1812-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000d00000001232e-2.dat	upx
behavioral1/files/0x00020000000106dd-6.dat	upx
behavioral1/memory/1812-648-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\fxplugins.dll.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsdec_plugin.dll.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libanaglyph_plugin.dll.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Engine.resources.dll.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_ja_4.4.0.v20140623020002.jar.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director_2.3.100.v20140224-1921.jar.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application-views.xml.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEV.DLL.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository_1.2.100.v20131209-2144.jar.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsdl_image_plugin.dll.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\fontmanager.dll.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-explorer.xml.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring.xml.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-snaptracer.jar.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Srednekolymsk.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Belgrade.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgRes.dll.mui.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\SpiderSolitaire.exe.mui.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring.jar.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\plugins.dat.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.bfc.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\LICENSE.tmp	2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2c9bf4eb7f2002b45f9d5549eb6cacf127f128d24c9e782a8ad4b22e6ebb54a6_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
171KB

MD5
a18d704dd0e965ea67661497834c01d9

SHA1
d083994d8d3e3b6fe51316f4f13c068b3ada472c

SHA256
030eed250cb86eb13d51a0fcbb9dbcda4049c69f090155ee56800babdceb725d

SHA512
01b1f02432aa1507ba18b232226ed46a2df11d373213c6bc8d6f49549a142052be245ff7e7ce5612f74926c7882419b7b521e69e03bb4eaabef706f617461a09

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
180KB

MD5
7d74c9ccf2df67e9b2d4e5cd7bff3f32

SHA1
45e22c5803a6dc77f79ac3a56ed80ce3921e83ec

SHA256
b3d46644d2a39f8122d44731e24aa610c4ade6d680e001520a146860101892c5

SHA512
1b0c42a0fa1a50187e70337141c0e48f4f99e708fa32f8dcf4a0d27c3153ec8c66bf95c0d8d822784d3742f1873c96ad9cbe2fba305f0ce2367e124baab3c83f

Download Submit
memory/1812-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1812-648-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads