aeca93b90ea7c96988f2c30ced463403d89db84adb5791e676c00b3aa8ac0b9c

Analysis

max time kernel
146s
max time network
118s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
09-05-2024 22:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
Size

84KB
MD5

11f89c81e4ae2e16a6b890e8034e8ec0
SHA1

e5f051bad714cf5a29e0f33cc9c3f6872e2d4537
SHA256

aeca93b90ea7c96988f2c30ced463403d89db84adb5791e676c00b3aa8ac0b9c
SHA512

26676eee47bc1f22edc06ebabd77d4c9da1dcaf9e49b263df01a38396d5aa81c749e6a1aa620341dc180794405f15db72032649f721f33bc7de185d30efcda5c
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPqz:6rWpcOPxPke+e3fFpsJOfFpsJbgEY

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3452) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Auckland.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-attach.jar.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\RegisterTrace.tiff.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.jpg.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\El_Salvador.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\removed-files.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\PDIALOG.exe.mui.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\jnwmon.dll.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Bangkok.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\default-browser-agent.exe.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Selectors.Resources.dll.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yerevan.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\vlc.mo.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\jamendo.luac.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\JNWDRV.dll.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPMediaSharing.dll.mui.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jawt.dll.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtau.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_ja.jar.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\chkrzm.exe.mui.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_ja_4.4.0.v20140623020002.jar.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightRegular.ttf.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\de-DE\FreeCell.exe.mui.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\WMPDMC.exe.mui.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\DirectDB.dll.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tehran.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\speaker-32.png.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\management\snmp.acl.template.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmplayer.exe.mui.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Palau.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\sunec.dll.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\settings.css.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_ja_4.4.0.v20140623020002.jar.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_zh_4.4.0.v20140623020002.jar.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\hprof.dll.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\management.dll.tmp	11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\11f89c81e4ae2e16a6b890e8034e8ec0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
85KB

MD5
d0c5f71403e989b546355ad3b3599954

SHA1
e1df30faa79e258628f46daca2549d2ed76d59a1

SHA256
2e210112d484f44e36376e976c02bd588cecfb9dc596f9d44c6586d10cecb268

SHA512
51530ca5f819078ddf4d04d4b265c7ee258b45b6b0341345711fc527e9eaf4c9069d07e658cb62ea7c118f1c32ea3208ff112366f90a156e11c75bf6c2812107

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
94KB

MD5
52062a862ff64b2d9040907a9066bab3

SHA1
8404e798c1e8a22cf4c4eff9de12c65027bf6ca0

SHA256
40e9b5f14f4e2ed8eb8442cf2cbaf5dc525740079357adfd26bcce024908b8f3

SHA512
b0448bda4beb5e9b32e35ab5fc792c35d928b1424c3ac05fa3adaf12182e6172c4abe548350db5bcf97233c45c88e901ea108a69eae9016f99cac5926de67504

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads