ecf8eda026727c74c9257720283df1b11266af658c758e213fc8db41fcfe4a84

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
Size

96KB
MD5

13d96e40064ecac0d012cc5cbca65af0
SHA1

8ad370500d771993e4f6b78295046cc1521f426a
SHA256

ecf8eda026727c74c9257720283df1b11266af658c758e213fc8db41fcfe4a84
SHA512

8327a66f9ab99ce48bc2f9c7fd478c6745e39aa00b5ad50a118fa6850eb950cc73204d857e8e1f6051663bb237e27bfcdc8a03a4d53f76873aa02101c32a57c2
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKP26c:6rWpcOPxPke+e3fFpsJOfFpsJbgEK

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3434) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawaud_plugin.dll.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\setup_wm.exe.mui.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\gadget.xml.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_zh_CN.jar.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\splashscreen.dll.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libidummy_plugin.dll.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterBold.ttf.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mousedown.png.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler.xml.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_hov.png.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_ja.jar.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\More Games\MoreGames.dll.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_zh_4.4.0.v20140623020002.jar.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\logo.png.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bogota.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Rangoon.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\wmpshare.exe.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\47.png.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Noronha.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libstats_plugin.dll.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wake.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-outline.xml.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_zh_CN.jar.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\eula.dll.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Curacao.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_description_plugin.dll.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring.xml.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_chromecast_plugin.dll.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\gadget.xml.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-middle.png.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\drag.png.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Palmer.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\chkrzm.exe.mui.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\es-ES\PurblePlace.exe.mui.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckg.dll.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsBase.resources.dll.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new.png.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Perth.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dushanbe.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\fxplugins.dll.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Net.Resources.dll.tmp	13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\13d96e40064ecac0d012cc5cbca65af0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
97KB

MD5
fbce9ae983e11baf07e1554a0c686645

SHA1
a6ccc72a85b98ae1636a45607c8c72f7540b1ff2

SHA256
ec823bf59af2e757f5dbcfc812d811d050bd47ddd73136218929e2053979f074

SHA512
4883ba4521d427b197ff9502edd79d839da84a06e126e8c151d7a793022ce777b877fe51938d25a5938801ed2ae502d33a8fb96d92f085c5d59ecd285b80a8a8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
106KB

MD5
94bc32be1058abad007790127eb7ec6a

SHA1
cd26807b40d4fc8daaa2c81539acd316412df0a8

SHA256
440594927e1608dd2c7cc73f425528f9ec1178b9530c526c613ea2553ee20edf

SHA512
e4be99c4f5c899f7d34ef9410bbb259233474650701b848a4192afabfbf52ff2dd2963ad1e94c247e6fa7d5ebdcb1535bc62e6310fcab9f0b77e270bb4d7b78d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads