3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 06:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
Size

47KB
MD5

f73f1d5ef26ed645ba88a11ed0f25a20
SHA1

1c4496525c02034eff379f487545d40aae56c5ba
SHA256

3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e
SHA512

a174710cc34c096ab39044d3afa54d92b9f0ee91472c627ff94e3d3216304bac9c87d8e0811146ae9bc1e913f9331291e63ac67776fb205b37469a7a96237253
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJjtf8WUtf8WZCqCT:V7Zf/FAxTWoJJ2WjWZCqCT

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3701) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2908-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000a000000014f57-2.dat	upx
behavioral1/files/0x0002000000010679-6.dat	upx
behavioral1/memory/2908-648-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_zh_4.4.0.v20140623020002.jar.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\ShvlRes.dll.mui.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg.png.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass.png.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent.png.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\charsets.jar.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libgoom_plugin.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-attach.xml.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libaribcam_plugin.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\lgpllibs.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libddummy_plugin.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.identity_3.4.0.v20140827-1444.jar.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_zh_4.4.0.v20140623020002.jar.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnoseek_plugin.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-output2.xml.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatialaudio_plugin.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\init.js.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\New_York.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_ja_4.4.0.v20140623020002.jar.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\de-DE\FreeCell.exe.mui.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationTypes.resources.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\jnwppr.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Abidjan.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\jnwmon.dll.mui.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_right.png.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libedummy_plugin.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_ja.jar.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.bfc.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleHandler.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous_partly-cloudy.png.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libchain_plugin.dll.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-docked.png.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-queries.xml.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_ja.jar.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\keytool.exe.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\Accessible.tlb.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml.tmp	3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3c92f8a29d694ce21db18df51f46b69cf8dd846fa839cc5cd00b057b050cb63e_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
48KB

MD5
07f5976a003844677ccef40951c99bf5

SHA1
b375dfa60b3d07b234e362209e240fdd63f76915

SHA256
1045b5e77d0888839f77411b999019ea1a3969c5e99317599a8a3ac8282f5c72

SHA512
3eb38d2ca83143efeefbb2697ae2b5201fcc2a1eef46b07184d3b9a99f87278bfe5038888db4ab0898a534e8fc5ba941f875c882b714745928099288ea8943f8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
56KB

MD5
3e81b84aeceb8015bc322037d6f3034a

SHA1
ba102eac97e01e085b70d4e6d350e0e1f4f1059a

SHA256
0dcad68df1d3244dc7032f60c60d4dce47f443b0bbd2fbb20b744f7fe950222b

SHA512
ad4781dd366525abf3f8128100a63fefc2576a5f3fb7e6b72dd96953f4153d21d3e03c5561f5820c3b9b92edc91950249e474e32af39ed0aa5638cb6a1b3f183

Download Submit
memory/2908-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2908-648-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads