6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
Size

92KB
MD5

57c8dadaf65e7120f3f4a53e34f60900
SHA1

fee5e0afcfebe6ca5c321f8d62009eb91398c924
SHA256

6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc
SHA512

b52f55423bc5674a6ea601302817eb41fc44b520398163c54e34c862a0f9411401fbc87ff06bc7e28b3e62e754e828ca8aeb3a68a2c65d4d1c947302faee64cc
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxSL/5:fnyiQSo5L/5

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3453) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2364-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c00000001450b-2.dat	upx
behavioral1/files/0x00020000000106dd-6.dat	upx
behavioral1/memory/2364-654-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST7MDT.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-text.jar.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+8.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\settings.js.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_snow.png.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\msdbg2.dll.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nome.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Berlin.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port_of_Spain.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Macquarie.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Printing.resources.dll.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\calendar.html.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Eurosti.TTF.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.zh_CN_5.5.0.165303.jar.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\it-IT\SpiderSolitaire.exe.mui.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mpjpeg_plugin.dll.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\Timeline.dll.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_av1_plugin.dll.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_hover.png.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_ja_4.4.0.v20140623020002.jar.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sampler.jar.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_dummy_plugin.dll.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\Custom.propdesc.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\modules\httprequests.luac.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Port_Moresby.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGMGPUOptIn.ini.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.zh_CN_5.5.0.165303.jar.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Resources.dll.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_settings.png.tmp	6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6cdea9b30d1e472b837b098517b3ea55138ad590d04ca8c69c91b82732fcfadc_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
93KB

MD5
68535aa340e3f1bda1b12d73edfff5ba

SHA1
331ea07f347adbeee4d5312b22f4744acb9969cb

SHA256
ac4ba4526a861e31ff38626e4cfab45c857d0bdfbec5a62bbaeec5957ad7dcee

SHA512
b73b7fbb7f67700d5610fc25b328b3f59f3a160e08f0e7645871c9f7c6cbbb7e6b4ac78499b3bb07fef0b135159d68ccb8f802833961e9de9fb84b721200ce0f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
101KB

MD5
b38c3e5caf05c75033bc89f9309e9c4e

SHA1
612558805b3ceda37769036808874a15927ef726

SHA256
e059077d7ec65cea48920c6cb701682168d75ca8b771b9baf627623d9f9ef9fa

SHA512
73d208d7341c16614deb0b8e211134f17b545a1e35a368d5ec4d5e55198206baa468d4ac35ef8552b3b725484e4dd23c8d4ceb674e36ad3c5f49c4f4a6940581

Download Submit
memory/2364-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2364-654-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads