217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 00:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
Size

10KB
MD5

c53a265d45ac8139ab770cf2263b3c40
SHA1

087113727cf990ce21ed138c3a6712694ec1418b
SHA256

217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61
SHA512

15975f3db080e7fcf48202119c7bc35ecae4ed569704b2605f8e42fb3986a3dae24137599ebabead2ac760a80e16ce05152b741ce2a50ce63404c749cbc4cf35
SSDEEP

192:QOlIBXawRUU7UKi45I7ZwKIwCTIhnyLPLS:QOlIBXDaU7CPKK0TIhR

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4111) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2328-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x00080000000122cd-2.dat	upx
behavioral1/files/0x000200000001048b-6.dat	upx
behavioral1/memory/2328-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.APL.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\it-IT\WinMail.exe.mui.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\AdobeID.pdf.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent_partly-cloudy.png.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt_1.1.1.v20140903-0821.jar.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\PROOF\MSWDS_FR.LEX.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.oracle.jmc.executable.win32.win32.x86_64_5.5.0.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\eqnedt32.exe.manifest.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_ja.jar.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler.xml.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-charts.xml.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_down.png.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d11_plugin.dll.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ACEWSTR.DLL.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\REFINED\REFINED.ELM.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\SkipAssert.rtf.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.png.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-first-quarter.png.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\EEINTL.DLL.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\BLUECALM.INF.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-attach.xml.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\vlc.mo.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\ImagingDevices.exe.mui.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_zh_4.4.0.v20140623020002.jar.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_zh_CN.jar.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\cpu.css.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libps_plugin.dll.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\penchs.dll.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EVRGREEN\EVRGREEN.ELM.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\10.png.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guam.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationTypes.resources.dll.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_stl_plugin.dll.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rankin_Inlet.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\PipelineSegments.store.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ADO210.CHM.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\settings.html.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\settings.html.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\vdk150.dll.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\installer.dll.tmp	217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\217b2723094d86568eca442479bcddf91c2998f3055bcce3236f37149315af61_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
11KB

MD5
a4921cf76c97ccab4c642372167e331f

SHA1
29cbd47ad1ed28a8477847d59544bc79da3230a2

SHA256
be1352d2cce7b3cfeacc878fc024a87c0b41f192c0d05252b74ec6e8c26cd03a

SHA512
c3a16b9256e51274f0dea80af3ded86a2d593b1f7b769b605bf2532f48f2a3f7fc42033f0e8992baf60d8e9d32c0e163fbc7702f8b864e9b49ddf2bed8857049

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
19KB

MD5
1bdb2bc03a2150e67109d097c5adf9db

SHA1
5a1cfb6a43a69bb75190f04350c9071f2f9f0cde

SHA256
c7cdd271711b45956be88cf8ba1b51d417b073d4d270687340a4d332cbfad381

SHA512
20667262bdc243cd3bd3e256aea4694c211e7a039cd6412059b1109fca2d2feda973cc6dd0e5a7b7af499c4d06381e05ea8a0c4633f982d274f2da4c989a4b1d

Download Submit
memory/2328-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2328-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads