a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 16:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
Size

52KB
MD5

7501a911a29403a97094493b01f5fc80
SHA1

04718aecf02aad34bc03de5f8a69bc201e78d8f4
SHA256

a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda
SHA512

e8fa708d4bf4a4399bb68f6afa5dbcaaaa140408f97fd21112e9247371cdf80a3c965a1c0c11b9f775b8062c7ff395a3ce750bd813d6f4969d3fd0218713650f
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8IZCja0tnmmjfFjfPj6ja0tnmmjfFjfPjfYt:KQSo7Zg

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (1023) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1252-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000d000000012261-2.dat	upx
behavioral1/files/0x000200000001047e-6.dat	upx
behavioral1/memory/1252-26-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-13.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Denver.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveAnother.png.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Currie.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Port_Moresby.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\pdm.dll.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\DiagnosticsTap.dll.mui.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Taipei.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belem.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Campo_Grande.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\zip.dll.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\New_York.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kwajalein.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fakaofo.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Menominee.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-12.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\D3DCompiler_47.dll.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ceuta.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp	a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a1459c3e82148f9507c722c27bdfc275114ad4500eff57a6f3c741f3298a6bda_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

Filesize
52KB

MD5
7707075c987f048658eb6d9db42338de

SHA1
a5de85242e128a8176a0acc49fa7c19ee3d562c2

SHA256
9cc7e58ca4e946f90f7ae6965c8b19baea54281af27df08b7592e78e051a34ab

SHA512
5590a267f7ed411676f7c0f12d2436b4b064b33a9b24fc1b2b9e004e6358d60fd22979a7f2e18f7458a47a876a2647ccd4a79d2ea670e4c1647aa8000b57beea

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
61KB

MD5
382fbfc82fa3b360d8797f5c74237ca5

SHA1
289434881c89163912ab2f4e9ad794f54dfbdf98

SHA256
6803f36a0b97049ca092fcb6441cc0cee4557e02336db67c52d6e90d02eb9bb2

SHA512
0454ee215e1ad8dc321f94a10ab6bdbf4813560b17fc2780fe9ebfda987da7ef0606c421e490f7dccb1e2fd5b9bb481b70f3a15c819dfce1dc242260da0d0fc6

Download Submit
memory/1252-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1252-26-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads