47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 07:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
Size

1.8MB
MD5

69a7c18e05a0b49ffb3a6fbc4c9ceac0
SHA1

29a612312ee8ff3e505883f01fcddd3d136db5c2
SHA256

47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d
SHA512

799b4fcfe575d778240a1a8e8264fafe2f96a0384c80b7db038e44f5faeb345f329871f952d69173b81e30a32d613cdf1c3ee44ae00e35d1d43d73d7abff770e
SSDEEP

12288:VQt8GwtIR0XEybX/aqvHIzckUPPyiwRoVGwhGARqOO:VIzjR0Uy7/XIzck0PzweFhGuqOO

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (371) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1660-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000f00000001214d-2.dat	upx
behavioral1/files/0x00020000000104db-6.dat	upx
behavioral1/memory/1660-160-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsTap.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\msdbg2.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp	47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\47fa87a80f58c616ec0f7d8bb3ca905d9b788eeab797d715db8bf2dfd188800d_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

Filesize
1.8MB

MD5
c8c8ba9772b9e40fa39d9c4110738c9e

SHA1
6fc20df3c06682ef25e4eb0335414f4a9dc7d8be

SHA256
8241eec0b95ceb32d2cfc970712bc96bef17e1562a277846d335e6ab4a839f0a

SHA512
d65c5e63cb58fcc994ecd1f2ad1010aa8653a5fef86b93d2bf5803cdb7978e574cbad5c8e59004fe6c0ccf03dc4ab3aa32b44bf237a8e45228baf075e1d2098e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
1.8MB

MD5
a0ad882911173a557f4b2e2af417e01f

SHA1
868f23cebaa00c1217bb37e60c83e76cab2f2e93

SHA256
4f9c77447cff4217b6a644d9d4a6305dcd42ee43e4845a844460fd0c26d3f96b

SHA512
174afbf6246eddcf3c5a9408002a76b8cbb804031bd1e43fcfee6964e20739815ea91e788c6c816d4fe8395c59087ffa52020fd1f3aee0275e9b9e861db7a090

Download Submit
memory/1660-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1660-160-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads