3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 04:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
Size

160KB
MD5

fe861f5a84c7af4cccb23c28464f3610
SHA1

5180379dce05072f939ed383f178b13dfdbe95b4
SHA256

3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23
SHA512

6e7fad39c239fd15f8c90c30d38799828e8a75d8916f24504595e0ed2253f0fd1abaedc6072f30c8842398493ae816d500ca69a7c7b01c22c27fa6c93ccbb5f5
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8OyZ2FdldtTWn1++PJHJXA/OsIZfzc3/i:fnyiQSonyZ2FdldJQSonyZ2Fdldb

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (2851) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2964-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2964-184-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\desktop.ini.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_zh_4.4.0.v20140623020002.jar.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\osclientcerts.dll.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_zh_4.4.0.v20140623020002.jar.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qyzylorda.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\More Games\MoreGames.dll.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cayman.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\com-sun-tools-visualvm-modules-startup.jar.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgzm.exe.mui.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\mozwer.dll.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_ja.jar.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JAWTAccessBridge-64.dll.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Rangoon.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_partstyle.css.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-visual.jar.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jp2native.dll.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\javaws.policy.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belem.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs_5.5.0.165303.jar.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-core-kit.xml.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util-lookup.jar.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy.jar.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Managua.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-annotations-common.xml.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\update-settings.ini.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-options.jar.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-visual.xml.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IO.Log.Resources.dll.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
File created	C:\Program Files\GetDisable.sql.tmp	3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3434d3fa846225eea95a03379fe38ee2790671158bd8b7f4aa1bd84b96647c23_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2964

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp
Filesize
160KB

MD5
00f6d6987504459d6162af599e3dc0fc

SHA1
97bcaa2c3f61e405e8de2c551a3b037879832f44

SHA256
724efaa46b5f2472dfd7775a85a1dac42f685857c029c3f90c9037c513c2faac

SHA512
b5fc567c9e67106d9b15cad9de0005f4f4ff397e00eaa7930e0c8bc55fee3e400d9cbfeafbd2f66745c01fdf439317cb6afeaed7261580130bf61f7b87d66851

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
169KB

MD5
2075dda030d911a89b40cf3e3997832e

SHA1
24c9a1f08810ef2db0140f7ac9585278a04fef25

SHA256
3d8880df9ee35f59cf6354831e927513de32e3493c8e5941566fb56dad5abdb4

SHA512
c147313c90cd79100bd1f65cd803527ee62d924282ae9efb796651848817bb7b3997aa95dda04cc79d12617575cfc6705fb91737ef1d425b701ebedf6a78b563

Download Submit
memory/2964-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2964-184-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download