8eaf1852563155ec5acc7e48960ee471984ca7ee3621f47eb22e675da7f686b4

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 22:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
Size

67KB
MD5

12dd22138c45c04baed3738278885e60
SHA1

d205af16c6f9351a4eaeb8955edc51b88ec81a06
SHA256

8eaf1852563155ec5acc7e48960ee471984ca7ee3621f47eb22e675da7f686b4
SHA512

14e3059b1d6c9f13cf5c96ec1a3910af691e3b607193810d15e3a9e1225ffc01452459098cf83687ebe71785519bffabaf7133c1aaa9a37207dd78ae85e2ccce
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E6DGsTdc6e6kvNDck7Tdc6e6kvNDckMJR+JRcXxXD/p:69WpQEoTdc6e6kvNDck7Tdc6e6kvNDcV

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3437) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_s.png.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\gadget.xml.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\MANIFEST.MF.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\vlc.mo.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\css\settings.css.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\settings.js.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\weather.js.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.sig.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmad_plugin.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.xml.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.xml.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\attach.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-impl.xml.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Syowa.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pohnpei.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Simferopol.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_hover.png.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_play.png.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lindeman.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_120.png.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextService.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\es-ES\WinMail.exe.mui.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnscfg.exe.mui.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\libfile_logger_plugin.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\org.eclipse.rcp_root_4.4.0.v20141007-2301.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-text.xml.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\icon.png.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\library.js.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-7.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationBuildTasks.resources.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
67KB

MD5
3c71d21cb65824de49f9fb4e29c7ca21

SHA1
9c6679595fe50b57c669969825ce0557c06bfe82

SHA256
9ba599ac4c1c9e5a40409e4bd6b44f6ae6d1a27fba47a824e3fa37656890797e

SHA512
3c9600a2c9c0cca2f6fc01a33aeab8aa6bf57cf7dfac2519adf7a94b56fa20a1da694b78427c688a9027ec3def3ae6febd47623a3ceb63f525399aaa6ce21c79

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
76KB

MD5
65e044e5b191f2d2ddfca10e95d25706

SHA1
028fb63a0dc78bd97af0c1c66b0fa585035f1d01

SHA256
721ca919598107883dbbf61916c2180adf12f4a9d4a487105377f38d24605703

SHA512
dc2ad0849802bccdadcfcd0d13242533f7cdf0d725225a4a806179062e20d6d17e0bf3abdd0879cbcac8a383d926e71466d9ce13618846e2596b20b0a828aac5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads