60754d0f3af6c01536db846e0ba0918c20365c90d8999bd1b855395e60321564

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 23:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
Size

150KB
MD5

2bfb0ca6284dcb73ef75e0cea14da7a0
SHA1

034b58ff3adc90466afa17c32d6102546673dd53
SHA256

60754d0f3af6c01536db846e0ba0918c20365c90d8999bd1b855395e60321564
SHA512

135d54a101df9b4c559fbdc364211924399faa85589bf84cc2c7ea58476f5d267c74e654b9fbf3cf9cc180e88bed7f861a37659dba2a6572166207e955551b69
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZz7Tib+1FR4eCLOhj0Yiexjm:RqKvb0CYJ973e+eKZz7TiGFRkC0t

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3219) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_ja.jar.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Paramaribo.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\psfont.properties.ja.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.resources.dll.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_es.properties.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh87.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Majuro.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\updater.exe.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kiev.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Resources.dll.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\libvlccore.dll.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-awt-j2se-1.3.2.jar.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.Client.resources.dll.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Net.Resources.dll.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\zipfs.jar.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST5EDT.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chihuahua.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\speaker-32.png.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_zh_CN.jar.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\03_lastfm.luac.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.runtime_0.10.0.v201209301036.jar.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Client.resources.dll.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Noronha.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper.registry_1.0.300.v20130327-1442.jar.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-spi-actions.xml_hidden.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kamchatka.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Samara.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\MET.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sm\LC_MESSAGES\vlc.mo.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.xml.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\it-IT\FreeCell.exe.mui.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\ShvlRes.dll.mui.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEV.DLL.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libamem_plugin.dll.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.properties.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\it-IT\Mahjong.exe.mui.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2bfb0ca6284dcb73ef75e0cea14da7a0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
150KB

MD5
10afb4fc089bc7f9f26bd0fcd4626072

SHA1
0f9dc0efbbc5bc733680a9d51c1501529dd1091a

SHA256
e2cb86051cc79167de15ee67cb4dfb99910fc45da748ada0ebd4d7082abc8e26

SHA512
5b1bd29bb495f448be8df85638771f576864753c2cd741492bbcc18385c4b194667a0b4b9833e764fe77655936fad517206a13bb333067a43d3c7c939ed50a09

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
159KB

MD5
e8a5a0013bec410279236e3ddd6c255d

SHA1
deed79c9cb1901cf277af73f29723dc707ecc0ae

SHA256
3f52da749708bfa8ee4b8fecabc95c5efb05b70f0a3d3d606095bdeaf38f2583

SHA512
be8ab1fbaeaa2e0a6336d17a1ea0e10652251f80b7884f2dc4ca75078bd5b4f7d9c8ffe9efc4c92ebf74cc6471d3c1ee1f68a71d09514ceb819003e859c6d4d4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads