8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
29-06-2024 08:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
Size

95KB
MD5

9e8cfbac24f18d41145e311512d4a130
SHA1

e15bc087e86be84116f7f552114cde0e0a29955e
SHA256

8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948
SHA512

e4c75e6e7d78c2436ab8ecafef9b139b7b0f9a170731ae7abf40f32405b32c2fe8f0a6f5b7acc77b7ecc04ba83904df777dcd0e64ecc3f42c70e75b49e64610e
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxm:fnyiQSor

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (1020) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2268-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0009000000012281-2.dat	upx
behavioral1/files/0x000200000001047e-6.dat	upx
behavioral1/memory/2268-74-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\desktop.ini.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kosrae.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\t2k.dll.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cambridge_Bay.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kcms.dll.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Matamoros.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-14.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Chita.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guam.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp	8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8ff6dc0be8093a0a1b1621d1f405b0fbf4abdac7e0b71adc62273bf6f24a4948_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

Filesize
96KB

MD5
669495902899f37c4cceb4a4f87a6945

SHA1
797df28540c1159bcb5c80b83ecba0533a649222

SHA256
86efae832c2f2ba6255c3dd5d0e3a4cdc7c7508668a64c7a517222d5dc5733df

SHA512
105d65cd162ca3c421fb33f8f66902fdb040ccbf5f2bbee629b1fcb3a970cd7fa907b77b99762e9930e383952b9bbfd4c439a689ca2c0e400179a30830ceb240

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
104KB

MD5
b9bf2f84ed6e51970a7b05e50e3cce67

SHA1
21211d0c48a92cf5e8e867c61c309538b9f83694

SHA256
2301af523e9818d1d48a8dbbd4e5b414c7407d73816f4fcfb31865be0880c778

SHA512
c592fedc029733fb98c46df67392a7a7e114a90c64b784066b146b0407743d627e2a257a68af8fde742f8fbbe2e79cd474c18dda400d71d4303c0ab7e2447c31

Download Submit
memory/2268-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2268-74-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads