27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 23:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
Size

70KB
MD5

fefbdadea6bd01269b067e6d893de140
SHA1

6940f85edec74d2bcf2e755154c81d2682774eeb
SHA256

27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84
SHA512

6396d8ec1ab2e7f3bfab55612a89fc1f8e94282bbcc65554df1eb94974764937c82186583eada47a097057ebfbc6a6e6f6e67af51046c6b6669b180b19e8e1a7
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8Oyd:fnyiQSonyd

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3749) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2084-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c0000000122eb-2.dat	upx
behavioral1/files/0x00020000000106a2-6.dat	upx
behavioral1/memory/2084-650-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationProvider.dll.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\css\clock.css.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\highDpiImageSwap.js.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_zh_CN.jar.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunec.jar.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgzm.exe.mui.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\AcroRead.msi.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-api.xml.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libadaptive_plugin.dll.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\WET.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\en-US\FreeCell.exe.mui.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsBase.resources.dll.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\fr-FR\wordpad.exe.mui.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Blanc-Sablon.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\nss3.dll.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\mpvis.dll.mui.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Manaus.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libcompressor_plugin.dll.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnscfg.exe.mui.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseover.png.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macGrey.png.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\clock.js.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Checkers.api.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bishkek.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\config.ini.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\currency.js.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\content-types.properties.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down.png.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\background.png.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookicon.gif.tmp	27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\27b4dd0bd9e920620e273124db880b4f6b8c04d1e377eef39eafe9425d2c7d84_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
70KB

MD5
43c8abea1e50b05e3ad672a6f4adbf7b

SHA1
411ec475afdd06a711e2510845c86ed7ab7155c9

SHA256
0eec2eb058d90ff4c08a043ac6e1bd6c63fca30eec2441741614f0b85d04feb7

SHA512
e567f910ade7cbb68c011ae14c5d784aa13de994cf0a8f620f0b05c02662123e29c840591aafe3ed8e983489d7fe4b5685244fdef89941d5fc22414392688bdd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
79KB

MD5
3eda7c3bcbed8b13fee21525b61ca688

SHA1
ed3e4ec9de0373ee36c8c637e0089b996f42e5f4

SHA256
5ffcef3efab969307c54e5509d5a50de984dd341d75efabd5c51a79dc3e422ea

SHA512
236b2e4a2f95bf0e20a80245ebea6da572d82eabcc7647c1f7468e37d8815b311c1c86401a37dd96169ef847ae6cd7205c395dc313c73ce98bdf8dfe4dbd6e20

Download Submit
memory/2084-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2084-650-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads