46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/06/2024, 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
Size

73KB
MD5

3df805695a5411e32d108eabd8baa6d0
SHA1

d46a535120d969deb72d90a0d6ca6b57251e67a1
SHA256

46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38
SHA512

b35016a6f46e061c4af04b51175db91a8cd829ab7ecfc1abe8846afc7fdcd4050156744050354b286498b7a13081095d9b68e6f4699c0bb30ccbaa79beb632ba
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8IZgE0:fnyiQSo7ZA

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3680) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2920-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000d00000001232e-2.dat	upx
behavioral1/files/0x00020000000106dd-6.dat	upx
behavioral1/memory/2920-654-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Ushuaia.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\fxplugins.dll.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mouseout.png.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Samarkand.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_zh_CN.jar.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-spi-actions.jar.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\ShvlRes.dll.mui.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\settings.css.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.xml.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Empty.png.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rio_Branco.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsBase.resources.dll.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libsubsdelay_plugin.dll.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\1px.gif.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qatar.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\JNTFiltr.dll.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_down.png.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\engphon.env.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\glow.png.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationFramework.resources.dll.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libinteger_mixer_plugin.dll.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\js\cpu.js.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\service.js.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Volgograd.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Moncton.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\common.js.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\SYMBOL.TXT.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-queries.xml.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hovd.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\it-IT\Mahjong.exe.mui.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\MSPVWCTL.DLL.mui.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_zh_CN.jar.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Andorra.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\settings.css.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_rainy.png.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Windows.Presentation.resources.dll.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\MCIMPP.mpp.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_super.gif.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp	46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\46a1cff6d7955b6e9fd1ae59beb0b9c4f354c43ef6facc0a2b9875a8611cfe38_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
73KB

MD5
6fc7ac5b59f3e79ae1997c9e5303dfde

SHA1
a9b3fa6e4315486081c7923641cc3c76f78513e4

SHA256
fbacbf9f98c6cba8395bc850333c14ab02866565c5c8b1494544c248fd257548

SHA512
c276afd73aa93b4ae5ab39817ab9046518c8631af019a882963dfe1b83e1b8df291ce4f31c307aeb649cafab61ab12c4d60811da012cb6055f3ca18d16994dd9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
82KB

MD5
7436b5d0d88c697b97045446666743dc

SHA1
0627fe1f7439dd00255d430205bab991089b8721

SHA256
acaa9699854483451b6c360ff97238efdce0d14eed63c2694e999fccc8e3bff4

SHA512
59c9246799f5cdaf147b6924fbdb8ae5141656f5dee3f098e13568580b86b6889b2b1394d19c0bea90b6a2889786771de1ddc2fdbe1366e65a2e0db427fa4120

Download Submit
memory/2920-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2920-654-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads