376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 05:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
Size

152KB
MD5

b2426bdd2dbdf7f0ddb9636ccde15540
SHA1

15dbce1e70b9088a68d9a079bf2925699b697809
SHA256

376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338
SHA512

ed4d40e4d5b3fe7b642906bec4b1c57bd16c2dd1a1466fb5d0e344fbd5d3eb97c86ec00c1707b084c901e316d78c203444cbda0c806a2e02a3ed18a34c8101c1
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8OyZ2Fdld47HhuMLwkT+vd8:fnyiQSonyZ2Fdld44kT+F8

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3432) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp	upx
behavioral1/memory/1776-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/1776-642-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tijuana.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.png.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rio_Branco.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Selectors.Resources.dll.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jce.jar.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmft_plugin.dll.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\La_Rioja.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_ja_4.4.0.v20140623020002.jar.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tashkent.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libprojectm_plugin.dll.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\COPYRIGHT.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jsound.dll.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.properties.src.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Fortaleza.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\vlc.mo.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guyana.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.xml.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Luxembourg.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ts_plugin.dll.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\de-DE\MpEvMsg.dll.mui.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dubai.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_ja_4.4.0.v20140623020002.jar.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_zh_CN.jar.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Windows.Presentation.resources.dll.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tripoli.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcrystalhd_plugin.dll.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcroppadd_plugin.dll.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\setup_wm.exe.mui.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv.tmp	376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\376e2e4197fb6fe8d32159439aa3a9244315d1267c864eb94e5c316fef1de338_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1776

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp
Filesize
152KB

MD5
27c8e3dd91d23900857679507328db5c

SHA1
8abb2a1bf0d1e2accb37a7693048b2b2f0863470

SHA256
e080d983ac3864910404b311b8bbc1c65c7e8c8fa901181dc2300a0703c66264

SHA512
4bf27f1a5de89441128c76e05bb225745fe4135336dd3b4df5e007853a27e3f3ddccb342e85e0927c456147447344c4a29e44fb097c5aaef2351739141b849f2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
161KB

MD5
f25e42afc7c6c2dad5626164c93f52a5

SHA1
9b8e6661de4b011a7cbbcc08fe1fa1fc324ffcba

SHA256
4467c8ba384136ab543f3ef4db12e3c856eb18889e82df9586aa9b6325661c35

SHA512
bc492a742bf4a28ce91c9f7447845d1b5c317886b505c31eecc6266f7491af987a45f49c73a4f2f95c22b1f43374b670b3de61ffc0fea8a5b590b52cd17396fc

Download Submit
memory/1776-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1776-642-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download