a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28-06-2024 19:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
Size

77KB
MD5

dcace620af6e3239d6e1cbeb82296890
SHA1

667629adeb6924619c5ba5372283b28c659cfc58
SHA256

a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e
SHA512

81b08ead5b5ac1d103478c2f6eac7e7cb8332559999314519b78cbd6a8cfa58fdf0f2e3946e86ebdd729be7eb34711915a3b04f62964d886dac98df5ecf9ebe5
SSDEEP

768:a7BlpyqaFAK65eCv+cIA0fm7Nm0CAbLg++PJHJzIWD4adZdhAIuZAIuniX+puSs:a7ZyqaFAlsr1++PJHJXFAIuZAIuYSs

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3747) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000b000000015d61-2.dat	upx
behavioral1/memory/3032-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0002000000010679-6.dat	upx
behavioral1/memory/3032-654-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.common_5.5.0.165303.jar.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.ServiceModel.Resources.dll.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libimem_plugin.dll.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\NBMapTIP.dll.mui.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-heapdump.xml.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\vlc.mo.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_transcode_plugin.dll.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\es-ES\wordpad.exe.mui.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInTray.gif.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgRes.dll.mui.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cambridge_Bay.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Stockholm.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\El_Salvador.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.lnk.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\currency.js.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\stop_collection_data.gif.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vienna.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Thimphu.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.zh_CN_5.5.0.165303.jar.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\xul.dll.sig.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Canary.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\js\cpu.js.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_ja_4.4.0.v20140623020002.jar.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-compat.xml.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClientsideProviders.resources.dll.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\fr-FR\Journal.exe.mui.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\calendar.css.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_zh_4.4.0.v20140623020002.jar.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_zh_4.4.0.v20140623020002.jar.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-outline.xml.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Swift_Current.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_left.png.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_ja_4.4.0.v20140623020002.jar.tmp	a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a856066793cd2cb21dcea9afc76b6ebba977f91945951894ff21b2b942891f4e_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
77KB

MD5
fe352f37dd53c73c20b64d388727b818

SHA1
dec714ed96b23c815416a8b6e182c6c83efab232

SHA256
580a96e9c2083c5f79e4838477accdde8d99f5fabc930acd6bbf5d2e3de0178f

SHA512
4316baf972e28f4e534d326a78206a03e2ccd36d092004c2ef5aca0aa3ec01454ac28bf93afb776ba8f94a27d02d46d940009c5715440bceddfffbd21ff8d841

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
86KB

MD5
b8b432af6848b46866de7f96f5d7fad4

SHA1
7f460e28b48ca65f231f12d6de471610ae892cf4

SHA256
ed291449f791b3c1ef3ff421c50f708297248f0a5b58f10582c14018fca5323d

SHA512
d51213c7a246ce87b99cd1a3ca883da9dada649ddbb27510781bd4ea62e9256c2aa0cd09b9e74a32521bf1b6df2a071737fdd8ca35fa8ea2d521469ffaa7f580

Download Submit
memory/3032-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3032-654-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads