362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 04:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
Size

45KB
MD5

cc0f01f3b41bce35d3afa947116448a0
SHA1

189c7ed8c983ea2c436dcf99201687382cd9b527
SHA256

362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682
SHA512

03ad2d3e130148186b1fd200fb88a7c1245d2ff56d84ee3cf4bf1054199793d23a79145c81ae90b6f883299056e62b949c0659a7a98d5fed85f091b8c7a338ac
SSDEEP

384:FBt7Br5xjL2Kd5AsAoh6n5eaOlIBXDaU7CPKK0TIh6SjA5ZpZRZpZS:V7Blpf/FAK65euBT37CPKK0SjA3nq

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3795) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1224-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/1224-658-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.properties.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.server_8.1.14.v20131031.jar.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\de-DE\Chess.exe.mui.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\drag.png.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\config.ini.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_120.jpg.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_hail.png.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MET.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations_2.4.0.v20131119-0908.jar.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-charts.jar.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.png.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\vlc.mo.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\settings.css.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-outline.xml.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\13.png.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.metadataprovider.exsd.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_zh_CN.jar.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jayapura.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libmarq_plugin.dll.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_zh_4.4.0.v20140623020002.jar.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-coredump.xml.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_ja.jar.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.resources.dll.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\wabfind.dll.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\resources.jar.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Jamaica.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.xml.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\MANIFEST.MF.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Thimphu.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\CST6CDT.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsFormsIntegration.resources.dll.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png.tmp	362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\362799013d5a571616936e2333fde3bdb31d3a0bfd4dcdaf8958d57108e85682_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1224

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp
Filesize
45KB

MD5
846c2e76a9192ca297ae2ae8edf19b63

SHA1
68d0ab0f722f6f37a2d9dccd692071d14e1c1c2e

SHA256
e0306f46577d8510130302c800758b6f6d662e812e4d4ff571e9f56030b59a10

SHA512
09464f0de97a31fdf127c70a9108b44ee2bb5126e3253d63d74de38b6b2e06d2a15b1a75f0e3ef82cec0ab13477deb9866e99b2abf8572b19767fbc80ec0db61

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
54KB

MD5
03e3385744750281d4561a3bc79b0ea8

SHA1
45abe5340d4d1b55353b693f5d4b4d4a35595592

SHA256
31e10db995a6b0520787a65cf9176efd5d5b75cda88905fdf61646c871f37656

SHA512
3bba5af5e135aa774bdec265b5847532620fa8627b83774078a7d429228703bd536f353156d6fce49458bcbd9721a38904fa897f2c8aca5f732377a6b0c1d44d

Download Submit
memory/1224-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1224-658-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download