42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 10:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
Size

66KB
MD5

1816cf3ba69e5b46bdf4cb4c4e2482e0
SHA1

e4cbe4163f5734681aca3eef63cc19906412c78a
SHA256

42fa9cf3e004e3ddcf2fccb59a201b563f00f5bbdd21b58180a53edfaa248320
SHA512

5f969e2bd62de36f6b7f03cae0a182f7eac8c151faa95f90b6f9667b981363f057e7b13ae34a11c912b760e24be4285bceb194a331a3dc45c1d0c55a320e1378
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORRe1:W7ZDpApYbWj2WTWJe+e/qE

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3717) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Monterrey.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationCore.resources.dll.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ef8c08_256x240.png.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\settings.js.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_cloudy.png.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Goose_Bay.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jp2iexp.dll.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.jpg.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\gadget.xml.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\fr-FR\MpEvMsg.dll.mui.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MsMpRes.dll.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_same_reviewers.gif.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Cairo.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Tucuman.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\flyout.html.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chicago.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_ja_4.4.0.v20140623020002.jar.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\timeZones.js.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\gadget.xml.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\clock.js.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\PhotoAcq.dll.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-ui.xml.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\weather.js.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\MANIFEST.MF.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Genko_2.jtp.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\gadget.xml.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Karachi.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\settings.html.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\weather.js.tmp	1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1816cf3ba69e5b46bdf4cb4c4e2482e0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
67KB

MD5
387bf0596b545815b580bbb068d078da

SHA1
9a8645b4f0998f0b083a7fe74775cefb09eff531

SHA256
a53612d2c188870cd3cfe6dda7061d7d0ccadc3d9fd4fdf4f6bf819900a061f2

SHA512
351f10cf9c664c7837a95c08bcf9a9867eb16c597c584d6a5cd6fb85baa0eeafbc58ee8ffd1ecf94546ee61723704d4efb119eb32fb0545505b0033309140c83

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
76KB

MD5
6f1045cbf9e19c8f066307dd5c4337fa

SHA1
346bf05da6f3e191f33a5149229e088ddcb0a045

SHA256
b61613b0f854a639c3b652a8fefa9ab2ca760997fdbbda62f3f224e00affc4f8

SHA512
3b5b369f7b449cbad8d7c2ae0ed75d5198dffba30f1a96a38d715b944311304fed55bc0df1d5ae12cd6f817d6ab3012ae4cdd25b75fc5ff48e5ad82336a2859f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads