4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 00:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
Size

91KB
MD5

0f9cd6f1d9ac34f091eaddf8e6a0acb0
SHA1

28853b6d45fb16922885c5784c937ef87ffd9349
SHA256

4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1
SHA512

dd7e83c289df311134f4e7e86b14c31c091d912a91d4e39f3d8add5d1da45a941a9a529ee5168f0aaf0918950f39ba14cadbae6d513582698bec10deb49e1e7e
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2ImLPLTa:fnyiQSohsUsWU9BK3mLPLW

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3493) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2384-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c00000001444f-2.dat	upx
behavioral1/files/0x00020000000106dd-6.dat	upx
behavioral1/memory/2384-650-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chuuk.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-execution.xml.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\core.jar.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm_cmd.xml.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util.xml.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\Custom.propdesc.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\vlc.mo.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGM.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.registry_1.1.300.v20130402-1529.jar.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\ContentDirectory.xml.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_hover.png.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\flyout.css.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-ui.xml.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_http_plugin.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Edmonton.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist_jstree.xml.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-fallback.xml.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\it-IT\Sidebar.exe.mui.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\settings.js.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.xml.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\picturePuzzle.js.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\logo.png.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Karachi.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\ChkrRes.dll.mui.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\icudt36.dll.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\flyout.css.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_down.png.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.services_1.2.1.v20140808-1251.jar.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\js\calendar.js.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\row_over.png.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\RSSFeeds.html.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\library.js.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\dailymotion.luac.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)notConnectedStateIcon.png.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\settings.js.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-heapdump.xml.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden.tmp	4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4c551ba7016f7b146378a8f6b11a53982d909779809dd0de1a72672f9e5e14a1_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
92KB

MD5
fd04940cf860eba7dc01d13afcee8cde

SHA1
5c6cbf7da1eb5ba72dac7fc0e996038398374e93

SHA256
b7bbea058beea17fd0c9874bce7931b308b53304e76951b384cdd928645fc578

SHA512
3697d18470697b738d21588a339c3a10b9da44d7477483fae5298a3c73ec9f7c368877cedb0c918617c5b17f7d4a13c60d8de899e15e8f9db48face87d6b2381

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
101KB

MD5
40a7e8756ab04d6f4585a2768811f592

SHA1
c08aaae8571f9275541d89bc831659fd659899d0

SHA256
02dea076fed96b462eee0a74c74180e07de5b4430b31eeb7150e80ac66a54293

SHA512
10abc0fb93badf2bfb91f8be570d4c99683b6f4e36008b8308cca7915e3be95318d9572239760a2a7859ab93e8e9e72f2afa9310bcc7495a3cab2f29783b4291

Download Submit
memory/2384-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2384-650-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads