32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
Size

78KB
MD5

b19f3b009df3e585d1394bca80939870
SHA1

1ed13e88951f6575c63e80675f55b55da5e3bcc7
SHA256

32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6
SHA512

96f39f6cbf7fbf6c7a189dcfd7f268954bb45a41d2cf238283e685e1f531e847f73e12c38ee3e101874a947a13c2923c2ec204d4cb27a9eb5949a378045b1572
SSDEEP

1536:a7ZyqaFAxTWH1++PJHJXA/OsIZfzc3/Q8jsfEiDt3:enaypQSoTEix

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4847) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/392-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx
behavioral2/memory/392-1788-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\public_suffix_list.dat.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ul-oob.xrm-ms.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.TypeExtensions.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationTypes.resources.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Xaml.resources.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\zlib.md.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemui.msi.16.en-us.xml.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Process.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\asm.md.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ppd.xrm-ms.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-oob.xrm-ms.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationCore.resources.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Design.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_2.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\resource.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-heap-l1-1-0.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ul-oob.xrm-ms.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-180.png.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-phn.xrm-ms.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-oob.xrm-ms.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Primitives.resources.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationProvider.resources.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.resources.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-pl.xrm-ms.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Csp.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlSerializer.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.Design.resources.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office16\SLERROR.XML.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-phn.xrm-ms.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ul-oob.xrm-ms.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\FOLDER.ICO.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Loader.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClientSideProviders.resources.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\optimization_guide_internal.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul-oob.xrm-ms.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Ping.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WindowsFormsIntegration.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationNative_cor3.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11wrapper.md.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ul-oob.xrm-ms.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ANALYS32.XLL.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ObjectModel.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.AddinTelemetry.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OIMG.DLL.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.Core.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Design.resources.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2pcsc.dll.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellModel.bin.tmp	32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\32ad453eaab8cfef62706b4beb50996a71a5bd68f955942227b3641f301244a6_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:392

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
79KB

MD5
3cbc62354cc49f7bc9b44814b7145395

SHA1
ae8a6999b5ee061695897747ed7bf6bad70d687c

SHA256
80719b023172e8aebb0f3a7f5a432d674f328d894ffffd78ef61951b2f8249ee

SHA512
c05e6338b36cddb88518e254b24c2f7dfcd4da4d9e80ff694b4a198541cf9752eff5d43c0f2c4ed174311529a06eeecbf5c3db5392f5a55d81d865e2d59aedfb

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
177KB

MD5
e38bb5ceda8c0af0de9edadb64ac3560

SHA1
3e4c2220c5cc1e304f37323d74acd596607e9d1f

SHA256
f1b925fb8e85ef188e05d45aa407b6daf1b2c0e60d03386bcdcca404e00ca2d9

SHA512
5de21d031feb9cd1c323e4dc89b398e78b7e8936c3160f74ed0b14aa3ce99b53b8f6d499b7c49fdec4e04a7d5c21ee2cbc9abb0ee1da797bab191d7b2eb72915

Download Submit
memory/392-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/392-1788-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download