773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 03:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
Size

52KB
MD5

353caab0c0745a349912e1c1fd952750
SHA1

a1c5ef9723e80dd7fc50dd44751d4cb33aa0351d
SHA256

773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e
SHA512

20ddf0226a7bbc88b526eb11e583b2a6afcf1ec2e87bb0a3235df134d1736f669bbbbf1e4635d24aaa68a240b21b41539cd426e0f3d7d721f581d92bdda1e05a
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzm:CTWn1++PJHJXA/OsIZfzc3/Q8zx72/

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3749) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2940-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x0007000000012120-2.dat	upx
behavioral1/files/0x000200000001048e-6.dat	upx
behavioral1/memory/2940-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\settings.html.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Net.Resources.dll.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\16-on-black.gif.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui_5.5.0.165303.jar.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\ChkrRes.dll.mui.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpostproc_plugin.dll.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.identity_3.4.0.v20140827-1444.jar.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-templates.xml_hidden.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Linq.Resources.dll.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_h.png.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Abidjan.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmplayer.exe.mui.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\gadget.xml.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\org.eclipse.rcp_root_4.4.0.v20141007-2301.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\library.js.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)alertIcon.png.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\shvlzm.exe.mui.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\ImagingDevices.exe.mui.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ndjamena.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.attach_5.5.0.165303.jar.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPDMC.exe.mui.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\es-ES\gadget.xml.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mousedown.png.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Monrovia.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdtv_plugin.dll.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\settings.js.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\highDpiImageSwap.js.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\Vdk10.lng.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\sentinel.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-9.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8PDT.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bogota.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-util-enumerations.xml.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring.xml.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPMediaSharing.dll.mui.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\cpu.css.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\sidebar.exe.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtimecode_plugin.dll.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_48.png.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_hail.png.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\open_original_form.gif.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\773d7da09b610d836b3244d02c783d5b28d179a13c8e10f561210584343f4e6e_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
52KB

MD5
01c8ac18979d0a5300db0b6485c9ee5b

SHA1
c25d8246f4ab2b8870a0ba14506c57ccfc1abf10

SHA256
92091dd4a4cb5f00b6685a933871832a71ea25f9883ad491b492de1123971659

SHA512
55e0224a6c29f7bf79fb429a8570fff281e710281421759833699989eca0939bf667e7245ac5ca4fe6ff6dcb5d41ccfaf3e962a07bd8c26139d6d074bf7730b9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
61KB

MD5
c1837cc60b231fd073ef4e5c2031c195

SHA1
fe426f35793937db27b7e02e711f9396cd66822a

SHA256
83bba409d2de504f492d4cd3e6d9efe0f33650136767034e7168ec6cd5de395d

SHA512
11c422068d4e8b7a49ef65bb86deee198095dce9a2bf77e6fd9140cf96b852accc1059dcd1016eba61eccf6f3e2fa5c4e55573ad24d860f1cc5d12d0fffe660f

Download Submit
memory/2940-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2940-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads