32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 03:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
Size

78KB
MD5

b19f3b009df3e585d1394bca80939870
SHA1

1ed13e88951f6575c63e80675f55b55da5e3bcc7
SHA256

32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6
SHA512

96f39f6cbf7fbf6c7a189dcfd7f268954bb45a41d2cf238283e685e1f531e847f73e12c38ee3e101874a947a13c2923c2ec204d4cb27a9eb5949a378045b1572
SSDEEP

1536:a7ZyqaFAxTWH1++PJHJXA/OsIZfzc3/Q8jsfEiDt3:enaypQSoTEix

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3112) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2108-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2108-162-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guayaquil.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\OutConfirm.xps.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_ja_4.4.0.v20140623020002.jar.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pago_Pago.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\es-ES\PurblePlace.exe.mui.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\decora-sse.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-threaddump.jar.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunjce_provider.jar.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jsound.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler.jar.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\postSigningData.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui_5.5.0.165303.jar.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.Contract.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Adak.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_zh_4.4.0.v20140623020002.jar.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santiago.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Accra.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Sofia.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sm\LC_MESSAGES\vlc.mo.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.zh_CN_5.5.0.165303.jar.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_zh_4.4.0.v20140623020002.jar.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.ds_1.4.200.v20131126-2331.jar.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\dt_shmem.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2108

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp
Filesize
79KB

MD5
f9ea20636eb207abbee2848c03080b4a

SHA1
4f3dade7e5b47944fd2f18eee867daaa9f5a32b5

SHA256
091446c03e35b7998b32e575996bad5d945c441f64473ce81353ca797161f402

SHA512
9206c784b74e6873cbeb03826ed260ade8acf78df01a66d5c33f5e305c540e2f7d76b002a74f89a6ba01c7bf3e204b905a7c56c29fc9dafad475a1a6e2beaf26

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
87KB

MD5
87dc4f252329e101fa94307747f16e35

SHA1
8ad4c8a2cf389b1d82efc5d626fd4792ab79201e

SHA256
f106620de3b337909e49d161e06acb22fa5664403e5ae5badffb436da1f441d2

SHA512
7fc74b13a4568f9de15a2b2c32d1883b733e810d70baad2fb7e7112b6a4d556f5048e251ba86a37ee6f80a9ac809d967c8dacde473f54d2aa21d5d2673a29066

Download Submit
memory/2108-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2108-162-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download