0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 21:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
Size

89KB
MD5

f93f02245aeb119a261a20b73e48c0c0
SHA1

eb15ea5c45202ad9dfc97d7296358185ac379b0f
SHA256

0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6
SHA512

7488d2ebe14b61e9a78bf137e7b585ceefe6ec59a43707c00f3991d943406acfd77567d9c091ca4199eff0a9418ae1548b1376c267188638ca98c5ee13050358
SSDEEP

1536:a7ZyqaFAxTWH1++PJHJXA/OsIZfzc3/Q8VCnXxX81jmQJHdJHOUykUy4:enaypQSoPXxXokj

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3436) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2228-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c00000001226d-2.dat	upx
behavioral1/files/0x00020000000104db-6.dat	upx
behavioral1/memory/2228-442-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql_2.0.100.v20131211-1531.jar.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Lisbon.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mauritius.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\it-IT\FreeCell.exe.mui.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-services.jar.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.Design.dll.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_de.properties.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Moncton.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\es-ES\Hearts.exe.mui.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationTypes.resources.dll.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtau.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.ds_1.4.200.v20131126-2331.jar.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-api.xml.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libvpx_plugin.dll.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\JNTFiltr.dll.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Brunei.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_preferencestyle.css.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\unpack.dll.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\ja-JP\Chess.exe.mui.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\wmlaunch.exe.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\OmdProject.dll.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Yellowknife.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Linq.Resources.dll.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\vlc.mo.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\uninstall.exe.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwingdi_plugin.dll.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\vlc.mo.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0b2a0a14a35ec5a0cbaa44aa0c3aee2a6b0dfdc90aa802747fbcb248032d63c6_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

Filesize
89KB

MD5
1fc9278438e6b5db70dcba7e43c2a34e

SHA1
83f91f348d0ff482eb299dfe686bae7122d9431c

SHA256
96782bf3a828b032414f8074478f02315ab1d009541d73f9b5d475be302a0d9c

SHA512
5c5dae752430390e9fc77c2810882a56fb2284867aa251538b7722abe7f40bc9a7097b8398187b9782ae396e5e0836e9da6ff260cbea0f5f2a1c27e35453884e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
98KB

MD5
5ea3e628c041767a7c678a30fd7e3dcb

SHA1
f1fce6888bf87d8eef22368e8efea7d9cdda7a20

SHA256
e3bc3956a307acaf79903e87ac9970f99cd08967d264c842e57798000db55906

SHA512
73bb6847adb542eed808f345408598995257442026b3b9d08ce18e28345212185aa51fbe0acb0d8f8d531dffa48eb6e4a86ca8e560870974b7c8a0de253f49ee

Download Submit
memory/2228-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2228-442-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads