359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 04:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
Size

63KB
MD5

9196d88e111152442bc51e81cf0cb400
SHA1

eb7a6b76399932d79dab1db5c1864c8b21c9392e
SHA256

359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914
SHA512

dfc8a017893fefed5b081dbbaad4a4f36e1343c8c617c46cee4b55f2ae56477431e68dda08ff467d86c6266e1d2079ba53f54d3fbd7b30aab0774134fd5a8f4c
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8asUsJOLKlD5:KQSohsUsUKlD5

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3521) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1280-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/1280-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\vlc.mo.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\gadget.xml.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Adelaide.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\weather.js.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\vlc.mo.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server.jar.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\AUTHZAX.DLL.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jni.h.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\msvcr100.dll.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\servertool.exe.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmirror_plugin.dll.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.zh_CN_5.5.0.165303.jar.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_ja_4.4.0.v20140623020002.jar.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\trusted.libraries.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Monaco.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libantiflicker_plugin.dll.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\WMPNSSUI.dll.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\cacerts.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationTypes.resources.dll.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\common.js.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\README.txt.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\zipfs.jar.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-outline.xml.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_zh_CN.jar.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\vlc.mo.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_down.png.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr.jar.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libps_plugin.dll.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\jnwppr.dll.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\en-US\JNTFiltr.dll.mui.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\settings.css.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guam.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPDMC.exe.mui.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.core_5.5.0.165303.jar.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_ja.jar.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml.tmp	359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\359fde4cdc2a92e579f8a22b78dd6fa31cae93110ae319f906ef5813004d9914_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1280

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp
Filesize
64KB

MD5
8a680eec3846d2c226e16e959f406da6

SHA1
6651625bdc8ca03eae6f2a1324ad35a507daba3f

SHA256
806317a44e606fa7d753fccbdfb9d20f21ca98cc77869680b06e446ac468965b

SHA512
59aec65c638c927cde7ae1277aab75659c948645f32841a4ca793db679f0144c2725b559f44a2f5c1c715ef049a203112305697fb600efbf4c7a20fff76909ac

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
72KB

MD5
1d6efea50b09351b09ac4763e740cf25

SHA1
c9f7d7f20e71ab75bc031f064b35ec68e36d0fb0

SHA256
81d9cc5371b4173880d71a4e5f3e4dd85d9c37780371b6e59fa0347cc3be898a

SHA512
17b56234c26bd7db88a7139a79ae3ca1d13ad003f2ab9e3d3354c7242560faf9296b6a6541b7e2c287475c0950a51205f2a844d122395c4229c62255459ef9de

Download Submit
memory/1280-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1280-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download