0c8058b86863aa411f1a6216e1438869ffb83d3d8a4b22d09b58fb6d0466a489

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 19:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
Size

126KB
MD5

d688c4a527821dffbc140e1f5a9f2ce0
SHA1

77ece95dba11e26d5ad80e2d85efde275e338b23
SHA256

0c8058b86863aa411f1a6216e1438869ffb83d3d8a4b22d09b58fb6d0466a489
SHA512

654d7b795a50e28d191bef7c3b94e85489be4c8c123bff89fa281518d886b2d421abb3ebb1fa720e4324ac8921695d8b86ecd9ee480c807962b8f65839392061
SSDEEP

1536:W7ZQpApjIWe+eoO6O2lpiMZiMLJvlwJvl9:6QWpBe+eoO6OaiMZiMLJdwJd9

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3432) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_chromaprint_plugin.dll.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\leftnav.gif.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_zh_4.4.0.v20140623020002.jar.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\shvlzm.exe.mui.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\vlc.mo.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\cpu.html.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Resources.dll.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\vlc.mo.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\it-IT\Mahjong.exe.mui.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Speech.resources.dll.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\gadget.xml.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_settings.png.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\F12.dll.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-api-caching.jar.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1665.dll.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Macquarie.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\postSigningData.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libflaschen_plugin.dll.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\classlist.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.codec_1.6.0.v201305230611.jar.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-disable.png.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_pressed.png.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tirane.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_zh_CN.jar.tmp	d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d688c4a527821dffbc140e1f5a9f2ce0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
126KB

MD5
0ea8ab967dd1a56cd2c08a3e26b23c91

SHA1
cfabfe366fb09f275ee88e56d492ca5b328a8d8b

SHA256
f47ebfba2ef25e49defb2354ce960d619d41a4234049ce0a0b838d9e222524bd

SHA512
3c614901840aaf80137f5c4fcfdac6f30e82b9f41b159269dc9ad83158758f419ed14e89f7fab03839b9f82c92a218f787547596b09041bba4ff27d6bfb784f6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
135KB

MD5
5a7892295d5336036976fc181ad67f70

SHA1
3ad152d76ac73f0e68c9d36a69dbf66c8afadfe5

SHA256
e28b7aef337c8d4a478c58a490170b22768196649db401c9dfbe098c13e41c4b

SHA512
2878ad570afa7d8e6c22a20f9e107e71b64dc190378a3b2fa07b684c38341496ea39dce187a05fc56ef5657a0ca4dd608e80ce125eb7efc612e59d5b9d502603

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads