35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 04:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
Size

54KB
MD5

65512d72ed3012bd8d9470bb61c113b0
SHA1

628966932d3ecf3b6eebb7244821cabfa957f0d0
SHA256

35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9
SHA512

1a913f669f5a7cdfcd126938d5b781a468ccb5b46b8d9bcdbc566a6ac0225f8fa8caf8b0b25f8a5c7e648377da638165e3fae6839ac3b6f2d0b624de2b08d13b
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8zx1ev1wcw6RHR9:KQSo/1wcw6RHR9

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3683) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1960-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/1960-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-api.jar.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\en-US\MpEvMsg.dll.mui.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Full.png.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\default-browser-agent.exe.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Selectors.Resources.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\Real.mpp.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Resources.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\settings.js.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_dot.png.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_up.png.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\settings.html.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santa_Isabel.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yerevan.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegaudio_plugin.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfps_plugin.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\sidebar.exe.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-api.xml.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\LICENSE.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_ja.jar.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-progress-ui.xml.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-spi-actions.xml_hidden.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\it-IT\gadget.xml.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javaws.policy.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_ja.jar.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libskiptags_plugin.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\cpu.css.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.properties.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\decora-sse.dll.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.tmp	35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\35a28496c41b8cc599f5e1f1784a3415d1125a295e4ba37f28ab39e60b8d69a9_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1960

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp
Filesize
54KB

MD5
5e6a7fd029fe8a32ba301e8c1134ff2f

SHA1
8f23d2abc34fd64f6c7117c37ce0a50478d0870b

SHA256
6d872004f28abefddd104b6b53344da18f2e9d75aaacba240bec7117216c47c9

SHA512
3b5ba88add94ac64a0dc7a6163323a740598c2fcc894d904c63728088acbefc5f6e0a8b9794a7baea19e79108508c09b644eb565407cb26b0c611d6c43991b61

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
63KB

MD5
b82088eee34003fc0ee734a05ebc3954

SHA1
6e55c04b86bc935e85cc90c825583cbf87e72cbf

SHA256
c5f71c13e26d64353ffff6fc7e8621342d07f27b9e2d33826803ad128dc813d5

SHA512
d688577aa05d48ea288183d4cb8e2e3c9ecefad2dfea93ccc810ef6a53d7539b9f39b7e2894528a136c50bbe48047fc7e5ca7e86328665b45530290ea2ae9e06

Download Submit
memory/1960-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1960-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download