4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 10:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
Size

66KB
MD5

f3be0ce92dd8636fba8cbe372d4e8b40
SHA1

5f0c1958a22da13c8b7858061ceaae257bb964e4
SHA256

4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b
SHA512

1db897c6e37a830154d28a8dc54811616b37494f414a1034bff1ab2d24d84d83fc2f72a38cb58e0a134e2921b9e05fb009fd132738c2800088bb57fe28a27689
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwABT37CPKKdJJxdPO9Ot6K/K2Ch:V7Zf/FAxTWoJJ0TW7JJQOEK/Kt

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3516) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2284-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b000000012301-2.dat	upx
behavioral1/files/0x000200000001048e-6.dat	upx
behavioral1/memory/2284-506-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_ja.jar.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_zh_CN.jar.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\Chkr.dll.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\chkrzm.exe.mui.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libafile_plugin.dll.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\cpu.html.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\library.js.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\js\cpu.js.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.zh_CN_5.5.0.165303.jar.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.api.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Memo.jtp.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_bezel.png.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libinflate_plugin.dll.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql_2.0.100.v20131211-1531.jar.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Puerto_Rico.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_srt_plugin.dll.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\liblogger_plugin.dll.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_zh_4.4.0.v20140623020002.jar.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\La_Paz.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous_partly-cloudy.png.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bishkek.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Tucuman.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libx26410b_plugin.dll.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwingdi_plugin.dll.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\de-DE\ImagingDevices.exe.mui.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Net.Resources.dll.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.command_0.10.0.v201209301215.jar.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_win.css.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_Off.png.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)grayStateIcon.png.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Paramaribo.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libadpcm_plugin.dll.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmjpeg_plugin.dll.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\npt.dll.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp	4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4925bf63ff4e54db9365e3a8c3aa140b93ed89357b9d4a820668c3b32599742b_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
66KB

MD5
f8ea92f6558174269a2a50575a1e767a

SHA1
5a1097ec9165814c70a092f1f70b21ad1941ec54

SHA256
445c2e713726b2e7dbca615aa675d1398d694475c1b376973277df9c7bae9e92

SHA512
5b19261bad2524550c4677ea4d31f8257d6cac396df00d0f73c9d36488506435578bb1b402e12b88107e3942a26511072a9356973b3f4900e3db265e09b7088a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
75KB

MD5
e7e65d77fc05a39c2c359b51482c5319

SHA1
1ef2f6c1fe3e8555e7fab89f3422bdcf84b4a3a9

SHA256
ccbdb247b201e4d175e166c4c99526be06abf8044f377b1c3519f48a3c3eea70

SHA512
e550e25e0b390ffa55857b1a7cc2de26a3a4ccc171c98141e4c7bb518a52be16efc447557fab1bb91eb56df6c3b5827dd0ddadf9033c9054b8ec3853962a5909

Download Submit
memory/2284-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2284-506-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads