3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 03:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
Size

38KB
MD5

923e0ea33482ab864facb143f67a5430
SHA1

69f563b83bada77b64686821e872edbc182aea2a
SHA256

3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9
SHA512

f6885983643babfe97b761ede105ba877b21dc9c59f2ee16441a1021f172ddd0b94d4f1a19033128538a80f310b216a2da904bbcff9e66b9a3b72fedb2b4cf4d
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJBZBZaOAOIBRwO:V7Zf/FAxTWoJJB7LDYwO

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3158) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2860-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2860-162-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\WET.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Manila.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveAnother.png.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_zh_CN.jar.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\ReachFramework.resources.dll.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_udp_plugin.dll.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libafile_plugin.dll.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\rjmx.jar.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.ja_5.5.0.165303.jar.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\El_Salvador.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kwajalein.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_ja_4.4.0.v20140623020002.jar.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\vlc.mo.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\net.dll.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-uihandler.xml_hidden.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\fr-FR\FreeCell.exe.mui.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\vlc.mo.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\vlc.mo.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_ja_4.4.0.v20140623020002.jar.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util-lookup.jar.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\vlc.mo.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_realrtsp_plugin.dll.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861258748.profile.gz.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\vlc.mo.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\vlc.mo.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\Timeline.dll.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf_3.4.0.v20140827-1444.jar.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Managua.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_ja_4.4.0.v20140623020002.jar.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-search.xml.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Lima.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\content-types.properties.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\mozavutil.dll.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.xml.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp	3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3096e60ade10bcf9d46f16c53850460f4437547bbc06420900bc59fdae37a6d9_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2860

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp
Filesize
38KB

MD5
e95fe01a3d989c83e8131d45e4392b86

SHA1
0e446b6a0d9ce74bbb492e0e770c221397ce380b

SHA256
168808163f968a942d53399c48704a68044b14389f5c257291e7b1ef53e400f9

SHA512
41de4ad01f0ebd11417cfb1793bc721526a7a130d25489071def4bdb212ecad32ae2fff5f6a495a688825656cfa413cc5c599b386553b05f35bdd3ccfa58c978

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
47KB

MD5
0a640e5609186faf1d158d7661971486

SHA1
b0ac55f43d5cbce5313320a026f4bf26f1fcbd6f

SHA256
14e6c8f1a6b600d98aa7bbcd104315c96d7374bd846160690ddce2121386b825

SHA512
b186230ecc945d42b235efe6340072c33678f3029b01790033a3cf7b1ada76ce3e790532ec21802a03ee472527bbb94e79613cd8a0c31be56e74149eb0d064d1

Download Submit
memory/2860-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2860-162-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download