35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 04:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
Size

83KB
MD5

e01dcae3e48fd0e70a8711ebb7d1db60
SHA1

ed216ee13cc145ae3f57532a19752b75f58107ce
SHA256

35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08
SHA512

21f4a5e0d4f9fd3b2dbec87556b38b179f3490a1d33412e8b4d2de7c13b48c12bb61c382c1633aed5aa379ab434b4925987d8ee3e87a57655288ebb84820489a
SSDEEP

1536:a7ZyqaFAxTWH1++PJHJXA/OsIZfzc3/Q8zx1:enaypQSos

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3464) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2068-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2068-652-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Havana.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Oslo.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\localizedStrings.js.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_display_plugin.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\ja-JP\MsMpRes.dll.mui.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\DiagnosticsTap.dll.mui.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\launcher.win32.win32.x86_64.properties.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.security_8.1.14.v20131031.jar.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\de-DE\Minesweeper.exe.mui.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_m.png.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.jpg.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\LICENSE.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Cape_Verde.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\WMPSideShowGadget.exe.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Resources.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_rest.png.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double.png.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Eirunepe.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\dcpr.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Riga.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\library.js.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\unpack.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libftp_plugin.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_ja.jar.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\chkrzm.exe.mui.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\es-ES\ImagingDevices.exe.mui.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Back-48.png.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_zh_CN.jar.tmp	35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\35e2555d5c740a6564f221ac935d6558419902894521c8fb394fad93100e0a08_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2068

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp
Filesize
84KB

MD5
5fea2b1a18504313e917fa9f569b4d7f

SHA1
71f6536c958e49e2f9c0985c25a14bc9c3fa4c00

SHA256
71fef962f019404ce06dd5fd47b012e691ed12ec533ad513220ca2a1bdc12831

SHA512
fa449f2ed884d1c336107a6668a4611a75d41901f5469ae4be50829c9f8ed4801862e5effc9b518ce5dff3749fae56b645957af2602b59c0f9ddea53512e3d96

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
93KB

MD5
ca821975b2b95fc2039015dfb43a7e2f

SHA1
3e30f0e49503d4e1e35ff2428f1836e4009a247e

SHA256
a26f5858677e55806ae647b8357b267cd4617669b494edb4db2672f5f769f345

SHA512
61b0a8b5a2ed2d7f684dc622377833aa06e9f7d3530de3a101211d3279ea0f5c2bcd9c470fb1ae8886131f96d82786c473674e90b90e11c58e0db7e36c6c51d6

Download Submit
memory/2068-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2068-652-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download