35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 04:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
Size

90KB
MD5

68e913b13d50f12fd938b8cf579985e0
SHA1

d6f12dc2916530aa9221ebed7ce07995f5b3e013
SHA256

35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca
SHA512

b454f1cf5bfe6a610f7209af21f35ea0ce8ba4a3497bedb0781b7bfce57d545d9253befddd4203e157a6c73b8c07b5a795794715cd8e514312f6d7eee77a6470
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsJOVYd7n97nF:fnyiQSohsUsKY5ZF

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3454) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2008-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2008-644-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jp2launcher.exe.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dushanbe.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Perth.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Cairo.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\vlc.mo.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Atikokan.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\cpu.js.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\jaccess.jar.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libscte27_plugin.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\skins\default.vlt.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MpCmdRun.exe.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\GetConvert.mpg.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sw\LC_MESSAGES\vlc.mo.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libamem_plugin.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\calendar.css.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.runtime_0.10.0.v201209301036.jar.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-common.xml.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Winnipeg.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\More Games\MoreGames.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_srt_plugin.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.service.exsd.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\MST7MDT.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\libGLESv2.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdca_plugin.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libcaca_plugin.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\PST8PDT.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\cue.luac.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\PhotoAcq.dll.mui.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\35890089b47939e368a2949ba61e8c35dc21c2fd580718d92c6506d9706d0cca_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2008

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp
Filesize
90KB

MD5
cc7adcee472c7888417ab417dc382dc6

SHA1
ecc6d95c174265a3ff3c48d4c1d01feaf31264ed

SHA256
ec55d45669af00d75062bb7027edc49aeb1240ea344ba61c41f265c2e5385fdf

SHA512
f847c008c4d8597813b143501c7352c0b36f89652e12fadba967fe09cd84937db9708e5b92b852e6c9e4f6ce9e1461e26603e3789ad66a2ec8ff04cf4e46c4d8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
99KB

MD5
85271292fcbfcc365d916f8910f69558

SHA1
0a2361815f9a5a4504d252238a45be716e01546e

SHA256
a5611ec2ea1a6198cc35bc7d110a75d1f9729b7e25ddb8c8150c6c911c7cd501

SHA512
f1b27ee71ff343c10c9a6b95ba15fb2826784d3576ef06f8938e359484cef3407b5ca7ed3ce1d31b8073dacb042751444995dc6dc9871f355e2f9fb5b10c0d88

Download Submit
memory/2008-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2008-644-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download