4fa5dab6b72419924e61f0d3c4ab6057937ebde2ea846279f27493f3b540d3da

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 19:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
Size

115KB
MD5

d4bd5c385590fd94f72276515540b230
SHA1

e05dee86d6ef1c875ad5bb2873b335dbe5685f69
SHA256

4fa5dab6b72419924e61f0d3c4ab6057937ebde2ea846279f27493f3b540d3da
SHA512

102e46ea356af2b849bed93686dd636589784f1eae1cc48f541022c9b521ed4464e79e784f186e04c886d3de0664e1772401a791188cb86a54b3257cdbd6601c
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVza:RqlIyFESWu0SWuGSO

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3435) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Portable Devices\sqmapi.dll.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\settings.js.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\6.png.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding_1.4.2.v20140729-1044.jar.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\VideoLAN Website.url.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Moncton.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Noronha.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\vlc.mo.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Glace_Bay.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\soundcloud.luac.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_left.png.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\settings.js.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\jquery.jstree.js.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Campo_Grande.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-heapwalker.xml.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_zh_4.4.0.v20140623020002.jar.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\java.exe.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_right.png.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\WindowsAccessBridge-64.dll.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\gadget.xml.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Bermuda.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository_1.2.100.v20131209-2144.jar.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtobe.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\Timeline_is.dll.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-explorer.xml.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\JavaAccessBridge-64.dll.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Johannesburg.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\El_Salvador.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\en-US\Mahjong.exe.mui.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\clock.css.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser_5.5.0.165303.jar.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nome.tmp	d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d4bd5c385590fd94f72276515540b230_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
116KB

MD5
d395c28aa30177f8d23e0ad6c277277b

SHA1
b0813de52045a196995716883fc083bd6f823528

SHA256
59fc177f80ac83d4b4869f3323fdc6b665b5a730e89d4b0b8367e53e93a8412b

SHA512
1f237309fc016f6234bb4fe6cfcb4b1edf7f9d5a6f515645cae4b446c0f3497110b1890c25ea6c985d879f582e080e70b826542e827a7f68aaa83c475ccc10bb

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
125KB

MD5
59f6a224eb33b8bbded00ed8c438534c

SHA1
ba3dde41d64c250591051a01d5ed111df849a25d

SHA256
55536ff25fff49b2a2cdaaac87c3e67e3330381161034f9518f56182dfde75b5

SHA512
195c604640659cde145be5c8a5b9855188d41fd966be1b8dfd311eaf4a14007c0c091de64f5250d12b94484ca270f7d4e158cfeefff180c61cee011669b12532

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads