419fcb007ed4c401546308784d0660edac1806f37e35d8450c54ef072643e340

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 03:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
Size

77KB
MD5

5a82c6e3716e6b590d3a014c696c49b0
SHA1

8bb7dd98f8436cdd818bfff9c287de2fb8ef59b6
SHA256

419fcb007ed4c401546308784d0660edac1806f37e35d8450c54ef072643e340
SHA512

4d96919bef7dc9b45a6f135c198169f9e36ff3f4ffeaed7ef37988e24a5c3b38e7d066b9271d37605b1ec87f8ea92607592a9ffa9ce80f0ae7f4b9fa19a9a0f7
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/hZu6nR6n4:6e7WpMaxeb0CYJ97lEYNR73e+eKZF

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3551) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.core_3.5.0.v20120725-1805.jar.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_ja.jar.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kathmandu.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.exe.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_windy.png.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\ExpandHide.mpg.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-lib-uihandler.xml.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-core.jar.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations_2.4.0.v20131119-0908.jar.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\vlc.mo.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\PYCC.pf.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\ShvlRes.dll.mui.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\slideShow.html.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_chromecast_plugin.dll.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\settings.css.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\it-IT\Minesweeper.exe.mui.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\StopMount.wmv.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmpnssui.dll.mui.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_ja.jar.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\library.js.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\vlc.mo.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core.jar.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-compat.jar.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_ja.jar.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\deploy.dll.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Catamarca.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\ja-JP\wordpad.exe.mui.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-api.xml.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_hov.png.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Search5.api.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libinvert_plugin.dll.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png.tmp	5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5a82c6e3716e6b590d3a014c696c49b0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
77KB

MD5
f2de8aae307d170e99f70f7eda9e2f45

SHA1
1d1712df0e38adebf7f7ad2f1b6313b077acf276

SHA256
0e6ddd2671dfae8ac3ce699aeefb33c8bda008010fb5a8c039bb6c7a045c138a

SHA512
99a77cf32c6512816fdbc1779f21273777bc82423f466d87936c2e9d9187d55cf74d68123c820b54066da74147ff11e1a4cf090fb91646d5428dc3b7ba3f60df

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
86KB

MD5
b2b99157c66750b503e0033c11578930

SHA1
cbfceb2fb0ca6cfaba386b8ef4900e0d08aa8320

SHA256
73bad53404eda5ac6f4f69bb23ba4ec0b2d3c11da8e8514189fb213d3a87369a

SHA512
f9e6551abe2a3373fdd61a23364e2cf2890873fcaa662caab58728747bd30b5d932c67fd53e8b740a4d3293f7f98f33ab1dfcff93be90de8ee4819217a4f85f5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads