a281b5e2de06d945e09eac61fb70342bea0cb5bc2340746abe21a70143eeb764

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 10:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
Size

72KB
MD5

1a4c5239541a0e4e855d0c54637ccd60
SHA1

a3370453521e375e5b75c7e0256b22201753429a
SHA256

a281b5e2de06d945e09eac61fb70342bea0cb5bc2340746abe21a70143eeb764
SHA512

807c89b8e15d9300fcff350c4d2de2bf51d1eb0b1f976346244c0c2860f48fa53916049ccc1f91262d944ecccdd03e267afb1648d9c20fff3e7533d86ffd46f5
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76U:6e7WpP9oVLQthbYY9oVLQthbUv1

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3551) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\8.png.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\clock.html.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\gadget.xml.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\QRCode.pmp.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvDX8.x3d.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs_5.5.0.165303.jar.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-environment-l1-1-0.dll.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationBuildTasks.resources.dll.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Skins\Revert.wmz.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-util.xml.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_zh_CN.jar.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\currency.html.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libvod_rtsp_plugin.dll.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\npt.dll.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsdec_plugin.dll.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vevay.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_zh_4.4.0.v20140623020002.jar.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_sv.properties.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Managua.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6CDT.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\13.png.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Stockholm.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application.xml.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-execution.jar.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\drag.png.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\gadget.xml.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.lnk.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\slideShow.html.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\26.png.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Design.resources.dll.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\ja-JP\msoeres.dll.mui.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_ja.jar.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Maputo.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-6.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ndjamena.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Wallis.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\setup_wm.exe.mui.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\flyout.html.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmft_plugin.dll.tmp	1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1a4c5239541a0e4e855d0c54637ccd60_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
73KB

MD5
113c08afe099e3c361509b48e01d35aa

SHA1
22054c51ceeb2a8c2452176efb6a74c44dc64c4b

SHA256
d6ed358236909714cb570156152b8758c06e0dafdd4700c511437d6283d57a5d

SHA512
7645a8c77af48e4bb7022cc835dba399fadf125ffc80f19d43235a9e54f5e60df85d94b57896f9f31cc507276e581e2166cd1cbb53ffe4d2972cbb2feb993a49

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
81KB

MD5
1fb5e103304c105c00d0c1335153e345

SHA1
099fd67a727d2f6935531f488c75460fcffc804f

SHA256
a71920507f3b91c1d7fd7e9266ec8240ccc3ce88c8b7e092a97b5866db50ffb8

SHA512
e6b22b46047461aa86b65b40c8aebb6dc014c58a1529e07e0f62fe8d62736d3a16f3380ba0df95015f806524b838889028355a5a44ac511db287bb7e4a0c7fc9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads