9790f70198f2bcad5d7802fc5e2818959f6b15cbc1108d6abd6e4178b07740dc

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
Size

87KB
MD5

3c5c290e6604380304b1fb0b34b3f5c0
SHA1

306f821a4393415f452700b6a454ec887451a661
SHA256

9790f70198f2bcad5d7802fc5e2818959f6b15cbc1108d6abd6e4178b07740dc
SHA512

aa79204d6a4db26b0ce8e1838aa8a2498930e7682f08dd8ca2b464a077e69ebb20d8df27f762834e5a86e64483e4cfdc4bdb2dcb1e629f58c54965e871fa296c
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNz:6rWpcOPxPke+e3fFpsJOfFpsJbgEx

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3430) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\7z.sfx.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.ja_5.5.0.165303.jar.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_zh_CN.jar.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_zh_CN.jar.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-desk.png.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\access-bridge-64.jar.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Minsk.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.RunTime.Serialization.Resources.dll.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libsharpen_plugin.dll.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_dummy_plugin.dll.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\MSPVWCTL.DLL.mui.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-4.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\en-US\Solitaire.exe.mui.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnoseek_plugin.dll.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libglwin32_plugin.dll.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Shanghai.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtextst_plugin.dll.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_settings.png.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm.html.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPDMCCore.dll.mui.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench_3.106.1.v20140827-1737.jar.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\en-US\Journal.exe.mui.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwasapi_plugin.dll.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-14.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_zh_CN.jar.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\glib-lite.dll.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\de-DE\Hearts.exe.mui.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClient.resources.dll.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationProvider.resources.dll.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\js\calendar.js.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\local_policy.jar.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationProvider.resources.dll.tmp	3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3c5c290e6604380304b1fb0b34b3f5c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
87KB

MD5
9db145cd82ecdc9093c64b26a8f330f9

SHA1
096c8ea60ee12cf08d923177ca45badc9abfcbbd

SHA256
3b77cf69944768d083b3312952ccde46bb218e5b175735f81427f177ad40e42b

SHA512
67aaf4cc65842023a886680c558fd32d22ade5856a54f713b7ab1d5f10bce26d574be346cb30f300f1dac37b4b10393b937aedf5e8d392de281174210bd6eca0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
96KB

MD5
571a740cea48cc5725bac705756fdffe

SHA1
b459b06ecbcdc62a25c975c2cc9bd86cbaa43af9

SHA256
cf208e755a661e54db445f914486b1dd1c1957bb477b5be6e64e2807ad56c23e

SHA512
7e9c5cec67a47e4ca03159964efa59ad5fe818caab97052b8cecfdfa223aff28f7211fbd1793c0d6d8f4d60f76b36ec1972daade1d028ccafbd674c9aa9163fc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads