5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 09:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
Size

80KB
MD5

d2559c85eef55d10438108d6ba4165a0
SHA1

e94df08f1851a579e0eeb439913dc6d9df5b8c0f
SHA256

5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7
SHA512

ce31b6e2f19ddacd636f820161db04ab92aefdaab15bd70f70edeec3a50a22f64dbe9e59ee1152aaa6054e8fc29080790172b1a4416a42f7f0273b920eebec06
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxq:fnyiQSoj

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3502) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2360-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000500000000b309-2.dat	upx
behavioral1/files/0x0003000000010440-6.dat	upx
behavioral1/memory/2360-656-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_ja_4.4.0.v20140623020002.jar.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libadummy_plugin.dll.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\en-US\jnwmon.dll.mui.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\java.exe.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\it-IT\MSPVWCTL.DLL.mui.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Accra.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Melbourne.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\clock.js.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Reykjavik.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsFormsIntegration.resources.dll.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\http.luac.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-queries.xml.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_settings.png.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\2.png.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.properties.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Halifax.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ChkrRes.dll.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4.ssl_1.0.0.v20140827-1444.jar.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\javafx.policy.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\localizedStrings.js.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\JNTFiltr.dll.mui.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\fr-FR\msoeres.dll.mui.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\default_thumb.jpg.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\10.png.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)greenStateIcon.png.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base_4.0.200.v20141007-2301.jar.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\settings.html.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new.png.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_ja_4.4.0.v20140623020002.jar.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspdif_plugin.dll.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\cpu.html.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\README.TXT.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5ba12fbf0d7d1e3da743605b97735488350489b979c5ff221e7f68d767aa33e7_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

Filesize
81KB

MD5
5e6e627f2ac910d3015152cd11707d33

SHA1
5717c6085f5156598988d42c79d344de178e43d6

SHA256
c380b344b58194b66a2fe86ba349c6691ef180e8fe3881a05c97241d0d564fad

SHA512
f8483507dca764c6eb55378972e65a15753e5bae946edcd427af4a8a51f6e4c037b43a99dec08e2ec76489a69196762f108501de49fa32fda0680f234f8828cf

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
89KB

MD5
57979b84722c718f36729a2a3c17db99

SHA1
f0a9e1467465b89b55a852bd046ed8cca0925f31

SHA256
f4472da491cb6c8a5f410fb63fbc993d58b533747fee6889246e7e1600e1edf0

SHA512
95521e55de81b11bc636e705d95870ba4dd129fcc6cb3b82adccdbb0aa119a5f7ae381ef2e3cef54b68c6e0eb2c9711f759f3278fc3dff3ba07019670fcf67fa

Download Submit
memory/2360-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2360-656-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads