68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/06/2024, 05:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
Size

128KB
MD5

cce8bba886259f03957f447bbc2046c0
SHA1

81e8f474603353b3b75455e1e3bf94fd695197de
SHA256

68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103
SHA512

10b06cbab51c8ec4eeaf840db8acbc2cb965aed393489898aa69e4e76c6518cd555470f675303e07066186a11c88e976067e9b8eb820b21b608ff6e0502ebd0d
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8MTWn1++PJHJXA/OsIZfzc3/Q8J:fnyiQSoHQSo2

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3449) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2664-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c000000015d79-2.dat	upx
behavioral1/files/0x000200000001048b-6.dat	upx
behavioral1/memory/2664-648-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-heapdump.xml.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\telnet.luac.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\jnwdui.dll.mui.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\ja-JP\MsMpRes.dll.mui.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\MSTTSLoc.dll.mui.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Midway.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libhqdn3d_plugin.dll.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\DiagnosticsTap.dll.mui.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Pontianak.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-6.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.DataSetExtensions.Resources.dll.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\locale.ini.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\extensions\VLSub.luac.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Lisbon.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Brunei.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.ssl_1.0.0.v20140827-1444.jar.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tirane.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_ja_4.4.0.v20140623020002.jar.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rankin_Inlet.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.xml.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscene_plugin.dll.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\MAPISHELL.DLL.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Efate.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\vlc.mo.tmp	68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\68b15a625dcde8a3777b66474ae4819d5f22d260f2afb62762053f1be2481103_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
128KB

MD5
d1e09a9426c8123f1c1a879817fb62d8

SHA1
54a034a5456b3b90d7f1a469ee7af4ae32589b1f

SHA256
11d28c2e90b5358423c43a411f3afe8cf8603354ae061c6c3eeedaa367603c79

SHA512
4f47b488744fee37e34d97b13ff8e2bbb1a6c2eb175a6bd9c02d5dc2ac89c7644bbbd19c9a6e26c2a0611b753d6b154ce0dff68231e01ae5b8a764c81d60e7ae

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
137KB

MD5
d7d9e73e654d2b90fb9f1e8b44dcbfc8

SHA1
f21c52b544c142a279b85b565bd125466a337cb5

SHA256
9f7fc465c0df091eb5aa59698f93c3b6c0a50fb8860509aee5cd2a2a779be79e

SHA512
2f79d8c1f4863537936d6a5edfd4fd48769ec2a8bf14fbf8e8864bf5a5705c48ada8f3bd6a776a7c62a7dffe4c81f2e7144dbcc7f358668d9da72ccd12b1b82b

Download Submit
memory/2664-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2664-648-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads