30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 03:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
Size

55KB
MD5

4df61814463a39c6b4ed244f539dba00
SHA1

0282c59c0fac193927030c30ef3af2e88783d12b
SHA256

30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1
SHA512

dc93519ea14e05b9eccd2b21eeed0bb6eac194f24f645aad13a16a3444040d4658e24f96802e84a711c95693da0b12780bb108814e6c7753f1470e2d15487ac4
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8zx1ev1wcwK:KQSo/1wcwK

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3206) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1736-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/1736-68-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_ja.jar.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Resources.dll.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javafx.properties.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_zh_CN.jar.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_zh_CN.jar.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\More Games\ja-JP\MoreGames.dll.mui.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Windows.Presentation.resources.dll.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\MANIFEST.MF.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kosrae.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_ja.jar.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.ja_5.5.0.165303.jar.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-heapwalker.xml.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsFormsIntegration.dll.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Noronha.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_zh_CN.jar.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.resources.dll.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationProvider.resources.dll.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-visual.jar.tmp	30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\30c1ce2719e46b38fdecf4e49a7db9a856fa4f2fbb0ac642a341934bbda8d8d1_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1736

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp
Filesize
56KB

MD5
91ce6e3a8e7eabbb7b57d37ae85a7faa

SHA1
c52dcad2d486401bb26ef8c23b7591720c78aea7

SHA256
d5f77bb18e64c9eef3242efe119279cf67d49af76ba2a3268583fb65523a9954

SHA512
ff123e814e8cebe0b7f673cc75c3cf80d58cb89773634b1c9f9c57ffe12d56da214762af80a11560a3afa7a793d9aa42487a3f519d49b53741420269b5c4e160

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
64KB

MD5
e4a08df3d82737bb194ec4e7fcca2cbc

SHA1
56aa4b52aa2a04990cf91b1945eaf068b5f513bd

SHA256
f5f70c44c6d08a230c4a38da691a65d2509e1e86befd75b95f96013522577c11

SHA512
b27cb33fecc783bb6a5028c91a746d4a56bf16e72f8524bfb5042e6d775838a6f36265bd4d3cb28d41b10da6a570208f6a0c574898c8ec5f296749e4d3c44769

Download Submit
memory/1736-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1736-68-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download