03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8

Analysis

max time kernel
142s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
29/06/2024, 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
Size

135KB
MD5

e8a633b0588624f3d0155adedc3003f0
SHA1

ddd6390390a6123876057176072dd8338d2777fb
SHA256

03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8
SHA512

4e2f9881d375196fcea304c768a7158acfada24d6bec0125f71ec87653c8aea7269efe89e5fff170310580cf6ff4739963cda50838efdbb99565b7ee109e8cf6
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zx5858lTWn1++PJHJXA/OsIZfzc3/Q8Z:fnyiQSoo858RQSoo858d

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3444) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2208-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c000000012263-2.dat	upx
behavioral1/files/0x000200000001048e-6.dat	upx
behavioral1/memory/2208-648-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bangkok.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jfr\default.jfc.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\koreus.luac.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Perth.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClient.resources.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\release.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tegucigalpa.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.security.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\vlc.mo.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Management.Instrumentation.Resources.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_ja_4.4.0.v20140623020002.jar.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs-nio2.xml.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\Timeline.cpu.xml.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Efate.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-explorer.xml.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-api.xml.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\More Games\MoreGames.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chihuahua.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson_Creek.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bogota.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\WET.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Petersburg.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Center.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\vlc.mo.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\03fd36b986963230bedef6c535b28f30ee8c07223f3f4244e056d6a8c5710fd8_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
135KB

MD5
c6fa5d0554a4bbdc1c632e15804e1a3f

SHA1
08a5ee2a00302d11694078311c50668499f7fe33

SHA256
5b2985d4946657d0c61ae9ac8d473042aa9de38028507a277568d1a09ee6dd3b

SHA512
9759b51a1d94a4cc8c691ef6ce71550b207db6ae92f7927f74004531c76a11fe275f0e9e5d028e42a49376c449738150e90117f184d4447e4385684489099c85

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
144KB

MD5
4a55402d84547b571c957d6d8c3f1d27

SHA1
aeb6dee364ec34ed4821c0cccbe8e11b38230b77

SHA256
08d9836c6b976eb6164b6193b174ed505b57e22351282f4cf0fede2e833079fb

SHA512
078b16b05619d6e0f3c8064048df4dc84232d41c5387210a286c3ae5f29395327d7bd170a42fd04cfa123bdb3f141749dfbdd2bab818fda6cbcaba867ad097cc

Download Submit
memory/2208-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2208-648-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads