b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29/06/2024, 15:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
Size

66KB
MD5

cffb29d27b0ddedb115434b113d59620
SHA1

c29fa058192f0625fd6626bc59d6ae11ddb01ee1
SHA256

b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f
SHA512

e20f172fb19c17f61df67c378a09dafacc2f705ddf1ffb47006bd9f9f00dc47435f5750269c6fbd0915aa9a2b8086baa317b9a6dfaa4ce1e9fdc0b042712ecce
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8RKLKD:fnyiQSoOKLKD

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3633) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1300-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x00090000000120ff-2.dat	upx
behavioral1/files/0x00020000000104aa-6.dat	upx
behavioral1/memory/1300-650-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Goose_Bay.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\mozglue.dll.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-io-ui.xml.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\management-agent.jar.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.exe.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.ServiceModel.Resources.dll.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\en-US\MsMpRes.dll.mui.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\weather.css.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.js.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Chagos.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\autoconfig.js.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libmmdevice_plugin.dll.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaribsub_plugin.dll.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ho_Chi_Minh.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Net.Resources.dll.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host.xml.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d11\libdirect3d11_filters_plugin.dll.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-lib-uihandler.xml.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vevay.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\vlc.mo.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_sun.png.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sampler.xml.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File A.txt.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libcdda_plugin.dll.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\THANKS.txt.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Music.jtp.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_ja_4.4.0.v20140623020002.jar.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libhttp_plugin.dll.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\tesselate.x3d.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\wordpad.exe.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Taipei.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\keytool.exe.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ndjamena.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\es-ES\Chess.exe.mui.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties.tmp	b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b0f3b62ffd02089d92e17a69d754b0fd63ddf49320071f10f24839a25467e25f_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
66KB

MD5
f968638f691cda2277ee7cd8d6fe46e8

SHA1
8d38d5db9d782f73b72f733df008c56f4aac4750

SHA256
fa8411702560f979326550131a17434c92bc1b29be21f7815b146641e37bf423

SHA512
bb4923f326c74395fc35c04bd406adb0fa7040990846d70f0dffc069345cd16a2c94256fba7388cd48ab9f224ca3faee1a19105d95b390d8b6a74551bd2e3d75

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
75KB

MD5
2b45a9c86d538816dbca5512b700d3c1

SHA1
a51e84f268cf8c9d3ca59ac1a32e71a1cb0d522e

SHA256
19a12f8f4c8c81e35f6d2a412534d8da4767c590d6158ac4364981c29df5e63a

SHA512
fb2d76c8ac4925647ba482ec51de7fb2b04389ccaddcd4296dccfd55d9d583411e3535ac1e10672b7b71e1c711cd6139b74bc055bfa2d267c9255d4bbe60f499

Download Submit
memory/1300-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1300-650-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads