2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30/06/2024, 22:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
Size

46KB
MD5

b723eb0fd6a232b4fbe47dcc5b4703d0
SHA1

2d5806e3a46721c45ca807f882be3c929ff45daf
SHA256

2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704
SHA512

f39582ec249a7538199ddcd5e778b9c9678c64f4ca77dc19431f8ccb8ff0ce71e37b403daa50fb37d7ec4924ff2850858328d174f16c9a5277c0374ed60c184f
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzw:CTWn1++PJHJXA/OsIZfzc3/Q8zxO

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3443) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2980-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000d00000001226b-2.dat	upx
behavioral1/files/0x00020000000104aa-6.dat	upx
behavioral1/memory/2980-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\America\Panama.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mouseout.png.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\settings.css.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\javaw.exe.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\Journal.exe.mui.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-progress-ui.xml.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-visual.jar.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.ServiceModel.Resources.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\highDpiImageSwap.js.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\npt.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Manaus.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port_of_Spain.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-4.png.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\notConnectedStateIcon.png.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\ChkrRes.dll.mui.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-plaf.jar.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Lima.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfreeze_plugin.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_disabled.png.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\RSSFeeds.js.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpsychedelic_plugin.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_basestyle.css.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\ja-JP\Solitaire.exe.mui.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\RestartRevoke.au.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\vlc.mo.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libkaraoke_plugin.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding_1.4.2.v20140729-1044.jar.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Xml.Linq.Resources.dll.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_left.png.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tongatapu.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.pb_2.3.5.v201404071733.jar.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_foggy.png.tmp	2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2003adaf0ed9a4f55fa23d452e88c81ffc5ff27e504b1329b106830028cd4704_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
47KB

MD5
ece6cd4ee45cb00873c492c205406980

SHA1
fb151a2fc02e042fbc720319fa7f07439e8528a9

SHA256
4039f73ffae0ceb08bc1e0ba269d6c9c27c3248cd80a22ee2348894b27e28229

SHA512
217cc3f09ab57ea3a26b75934430f74d8105d46f1c26ff54fb887f9b011152b564e3e624eb2b78bf2ecfa00fb6459f789b90820a91e16029af1a1ced82dbfbd3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
7de1df17be341bf41cdd3c888863fbff

SHA1
2e200e3616a089730d1c98e73802d81cd88c692e

SHA256
21fd3357e8cebdab1df0e920b2d2ac0dd019f3a7a640990a4edbe49e40d2c3b9

SHA512
e8fa2377c65829f1afceba4e528e8298d78896f47ae6b2bbdeeadad9e7af0dc1a286e30b18f462902556320d34151e74de0c9e1129c634796cfcd69804783b09

Download Submit
memory/2980-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2980-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads