4b844daeb4b46a74f6cfb2809fe955fbfd2d66df5644d95d8a36d4d475ea41b0

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 03:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
Size

64KB
MD5

5bef7a0d15044e1bb2d96f4ec864e260
SHA1

79ba053b764262de7f398ca8e2656cfeb5bbc37b
SHA256

4b844daeb4b46a74f6cfb2809fe955fbfd2d66df5644d95d8a36d4d475ea41b0
SHA512

452bfd3b90ff6130ffa8881fb3be2b66c7ff1ab599c564a0a099466a35050d070aff5c9059483d2e4ccb93889c58a18e975a7a1c0ca489aba3c12165bef483da
SSDEEP

768:W7Blp9pARFbhQSox/6Sox/ME4JAIAepE4JAIAeuDlmlQPc3f6Pc3f5TGotuMOiJg:W7Z9pApQESOHepOHe8G+6E65TGAQ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3482) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_left.png.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\policytool.exe.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\jnwdui.dll.mui.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_zh_CN.jar.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_zh_CN.jar.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mouseover.png.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\atl.dll.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sampler.xml.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\ImagingEngine.dll.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_ja.jar.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jp2ssv.dll.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\shvlzm.exe.mui.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\RSSFeeds.html.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\custom.lua.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\WordpadFilter.dll.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\1.png.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\gadget.xml.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+2.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\vlc.mo.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\chkrzm.exe.mui.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\InkSeg.dll.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Genko_1.jtp.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\init.js.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\settings.js.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+1.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-13.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ia\LC_MESSAGES\vlc.mo.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp	5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5bef7a0d15044e1bb2d96f4ec864e260_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
64KB

MD5
8d0723e9981f80d7bc1a4f67c8c6f6d6

SHA1
d3f24cbe013ceb02ffd654d0fe4a63d0eaffe521

SHA256
9e970a58c30e4db99b8dea4c7a4409982a0bb317c32a85d1c65b40e3fbbfec28

SHA512
6f03f09809bbf984daff470db4bce9fc82bea3c3c345f832a109fe6653d2285c5863745f445b3efd65ca11eb18569e1f79675facad2731acf70eae7c2b12b77c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
73KB

MD5
97e3bd15bb18da6141fd701b1cc5d44d

SHA1
f4029f02444a2b5b2534cc766105e1a5193aed7a

SHA256
b7161b5f7ce6201338b13cdd7facef19121f2334aff4ff5d0f61d13791c5d347

SHA512
a46c30203822316d221a0b4d1070538eda4d6867af40d2adb66954d928c1645336de0c8f8a74c96095c3f2e0d2f479a9f7ae29cc3296225474239e6a1d2f2494

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads