338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 03:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
Size

57KB
MD5

ae00281992f86e7c3f0e5badbabe4420
SHA1

07c479f839c913507cd5ebb31a146bd52c0b8973
SHA256

338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa
SHA512

65f3f2292907810d82d6e40d3851e8e26c9a9f211e6cf1e222ad52d7482f4fea664eb9fff841b9a6cf5af61f9607885346e28a0c9ea73130200c566b61ff2d58
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzG:CTWn1++PJHJXA/OsIZfzc3/Q8zxg

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3166) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1936-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/1936-68-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\.lastModified.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_zh_CN.jar.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-utilities.jar.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\vlc.mo.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_ja_4.4.0.v20140623020002.jar.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Canary.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_zh_CN.jar.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\amd64\jvm.cfg.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Resources.dll.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libnfs_plugin.dll.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.xml.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_222222_256x240.png.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_ja.jar.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.dll.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\ShvlRes.dll.mui.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\TestTrace.mht.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\de-DE\Minesweeper.exe.mui.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.xml.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Barbados.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ef8c08_256x240.png.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationCore.resources.dll.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\controllers.js.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuching.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\file_obj.gif.tmp	338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\338089b0e7c28295c8aa7ac087a503d6b48f1495f347ccecae2ab310114649aa_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1936

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp
Filesize
58KB

MD5
bdf55d0518d69167d0beac0e698e370a

SHA1
dd3600b9f93b57aacff69b1748ba065381b6ad31

SHA256
12aceb2dcdd624e829e1b49092a60e799b88ff2bc025996ae71c17fc3016fffe

SHA512
280a1d6c2a729c09b7520cfe3354ad10e5709cff3e8a7b07e41df69eff4cbf98ab57896e536e02d7af68ce490a34e0082e02bfc2cc2f51f7cb1b9e3565d30ac1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
66KB

MD5
51608946ae89d250cdd66ec0aae133ff

SHA1
aed674f16fffabc0594ceb8112e07953a95a73fd

SHA256
e335e8a7d8e07d611583a03ed172a0becf1bb76a7a663c953dd50950662f755a

SHA512
4b1bdef6f68343666e0ac206646a08f57ca89355e87244208a4c6e140c8fb85e2bca3e76a34cfc9ae1b6298a3f4988a4ab52507dfd6e1728e96e2a3926a7d762

Download Submit
memory/1936-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1936-68-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download