3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 04:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
Size

72KB
MD5

48ba8d9fe0ac42cd90f38077d1e15610
SHA1

8abaef09718f486974db5530fddc1fe61fd04818
SHA256

3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13
SHA512

b329d6bcdefdf0a71ee2ed224ecf62ee609bcc512df82ee92fa527b2668bd17d5a2003a16d73ee667b9c21f00230bcca86a7ffb18af0427db40cbbd546e9aae3
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8IZv:fnyiQSo7Zv

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3720) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/624-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b000000015c3d-2.dat	upx
behavioral1/files/0x001c000000010439-6.dat	upx
behavioral1/memory/624-652-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.jpg.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_shared.gif.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\SY______.PFB.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt32.clx.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\npt.dll.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\wabmig.exe.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\gadget.xml.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\mlib_image.dll.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\calendar.css.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.api.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgrain_plugin.dll.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Canary.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\release.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnscfg.exe.mui.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_delay_plugin.dll.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_super.gif.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.zh_CN_5.5.0.165303.jar.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_ja.jar.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\fr-FR\Mahjong.exe.mui.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\css\settings.css.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\msdbg2.dll.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationBuildTasks.resources.dll.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_ja.jar.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_sml.png.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.analysis_3.5.0.v20120725-1805.jar.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-ui.xml.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\airappinstaller.exe.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsBase.resources.dll.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Windows.Presentation.resources.dll.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Blanc-Sablon.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack.dll.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\New_Skins.url.tmp	3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3b31df7f29d0b88fc95eca4383aee8af9a9de7df5dfa678e78b8e940d0167a13_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
72KB

MD5
9ef02bdeab0139e5b3ce5d7bd34058bd

SHA1
e91e1efb388f3c3f88fef3789f5eb4253ce82dba

SHA256
9f05e7da9106f5f8276633735e2d3ad7d1e4445a953be67ff9ee68f95b6bc266

SHA512
d0d31f5678a965193471cf6713dd1652562d761f7d1f89def05156b80a126a890f67c1e4b22499e12baaf4df65ccd8ad71ec0826a6ed46c9b18793280795c469

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
81KB

MD5
826d24eb6c0f549842fb1baa54368407

SHA1
8a8287de93e4e70195a586ba693a6db356c47044

SHA256
403f04e6194dc4ff6804fe71b9dd565f7a02f2f06738fc0312918658361b3814

SHA512
a09dc98196d76c9c5f546ea3609233ef662f1712917640d3cbc035f78880f36026547cbfa13a2c8903c133808483a6c188a497dd42673a6d76be1baecc3d03b3

Download Submit
memory/624-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/624-652-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads