5e976a6bfb99d4e4a0c27a34c079085cdb87b378840dcff1bd00d0fd1980faf3

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
09-05-2024 22:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
Size

112KB
MD5

157840f94fb0e3918ed7df714b4c4ec0
SHA1

ef0ecdb85ac9cb36f1d6ee9c5821ddf95f97cae8
SHA256

5e976a6bfb99d4e4a0c27a34c079085cdb87b378840dcff1bd00d0fd1980faf3
SHA512

f9efaebb3ec326596dca40729442b41515bd90b81f541112a4a9fd0109c6dc222d66f3662ae7abd122d5c492c80198bad6f2cce30a64a776a25d016c7a8fc7fe
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVzS:RqlIyFESWu0SWuGSm

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3444) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-3.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Accra.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\vlc.mo.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtextst_plugin.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_ja.jar.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\wmplayer.exe.mui.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\UnregisterRead.dib.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santa_Isabel.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_basestyle.css.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_ja.jar.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\El_Salvador.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Whitehorse.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Gibraltar.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\en-US\Mahjong.exe.mui.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\vcruntime140.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\clock.css.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.codec_1.6.0.v201305230611.jar.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.xml.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\JNTFiltr.dll.mui.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_s.png.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationProvider.resources.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark.css.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.jpg.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-plaf.jar.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libx264_plugin.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libclone_plugin.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\MediaReceiverRegistrar.xml.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\css\cpu.css.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\es-ES\Sidebar.exe.mui.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-heapwalker.jar.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\PST8PDT.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\de-DE\Chess.exe.mui.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationCore.resources.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Efate.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
113KB

MD5
5586c57cc4bbfcc6be18117cf1278dad

SHA1
b61a46cd315a3020e930f031e68f9dc99dee6772

SHA256
38ac340e6494b1cfa68eb857ea817164239947466e99f9051a8a634a57b1d023

SHA512
f50984fbfe291ece48049719d00828d958cf068318b991e1868783ff3e836b0991336ffe7f334ef85c265607987ded9e3af36f67c7625705b1cdcb56a5ebddbd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
122KB

MD5
eab22917331b2e67deb90c2e3e1d76dc

SHA1
c00e29b9bfad6f2ba2caa1fa122732684a343f44

SHA256
561f40ddbd015d96c2b0fb5f4f4edab9ddd486a9c62a88c30b7cebc4a94be149

SHA512
9cd1f0d6aa7a83faa8f7c069ac578d636faa4c9d987701103365afdf377b0b674e84a43c0b466814586c82ebc4b3c67cc19b2eeec4c7b036276d26b6c889f0fe

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads