222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
28-06-2024 21:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
Size

72KB
MD5

9b676ff1ef95665f8e90d60f6b2aab20
SHA1

ffe51ac99a7809d3f975b7a82d60b97910c2f0cc
SHA256

222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc
SHA512

d0117b2bec39a824fccebef1c22a8d98d34bf905992cd060425fb43af150ecf436cc7c9e6ef6b994a882956a2a5a0cbdfabf45143d4f5bc8b29a41390e1b63a0
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZBX5WX5tWIW4:+nyi4Mef4

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3656) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2020-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b00000001227b-2.dat	upx
behavioral1/files/0x00020000000104aa-6.dat	upx
behavioral1/memory/2020-646-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\London.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libhqdn3d_plugin.dll.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.dll.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Design.Resources.dll.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\currency.html.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\drag.png.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_it.properties.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.ini.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Printing.resources.dll.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\jnwmon.dll.mui.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\es-ES\gadget.xml.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\weather.js.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_zh_CN.jar.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libaudiobargraph_v_plugin.dll.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Denver.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\activity16v.png.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\settings.css.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.lnk.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glass.dll.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\java.security.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\de-DE\Chess.exe.mui.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\jnwdui.dll.mui.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\4.png.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\MediaReceiverRegistrar.xml.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IO.Log.Resources.dll.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_s.png.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\resources.jar.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_ja_4.4.0.v20140623020002.jar.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application-views.xml.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Resources.dll.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_settings.png.tmp	222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\222048604e47fdc10765eaa19e0ec18919b8ef258049291abf62d0d9cbc407dc_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
72KB

MD5
8b8bf23c5eec96dbfb5ccff860909a9e

SHA1
0bfa949a5581f994b9dfc10a051da202550cd4dd

SHA256
2ef9c4d5f5e8453beded0931fa17c59008b26d8d8d6e3c08eb01ff614ce12338

SHA512
d615899821bfdc4d6c76e9f55dcb5896f73a4a57d94f48b224a38fb1011c2ac146473fe787d87944dae2b12dbf95447dfc0cb30b0e55e393c2cd223914d839dd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
81KB

MD5
bb2134b981a30fb74d35a9449698efaf

SHA1
6d5bb95074b62b38d0a705b5b8ae51ed84c7f642

SHA256
83e6ef72efae6d8ae1be9f744f160a31eaa5e09ed92e3079203bcff58e71661c

SHA512
1a4670c16f0d48f6aed386a0627382fd19452f57c23911bcb413b96b379bfa1cce5b80ff3b44b5ceda4527b852b2b09139f50fdd0b0251b217d57ae9137c3b10

Download Submit
memory/2020-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2020-646-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads