898f2cf06196c1e1f38cd134714ebe53a67abc0efab0a4d2fac3e5b6c2670a7e

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 05:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
Size

129KB
MD5

7bbf8caeaed77b64104d64a7713ed610
SHA1

cc637475bf8fe2bc913661fa8c5abe74a2f43888
SHA256

898f2cf06196c1e1f38cd134714ebe53a67abc0efab0a4d2fac3e5b6c2670a7e
SHA512

6364d3e5f3396b57a369432b9585b6174116a9ce6bb7364d2437a3eebdae63c0223226d4955ec7f3ad797eddd00f6d7bc801d85a3087d54cf9ced460d3303062
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVzN:RqlIyFESWu0SWuGSJ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3429) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\America\Halifax.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnscfg.exe.mui.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core_0.10.100.v20140424-2042.jar.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_zh_4.4.0.v20140623020002.jar.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\wabimp.dll.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceAmharic.txt.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr.jar.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiler.xml.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jdwp.dll.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\VisioCustom.propdesc.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EET.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace2.dll.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\skins\default.vlt.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MpSvc.dll.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-keymap.xml.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-1.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\osclientcerts.dll.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-util-enumerations.xml.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Management.Instrumentation.Resources.dll.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\mozwer.dll.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.RunTime.Serialization.Resources.dll.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libcdda_plugin.dll.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\PDIALOG.exe.mui.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl-hot.png.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\local_policy.jar.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml.tmp	7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7bbf8caeaed77b64104d64a7713ed610_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
129KB

MD5
922950f5d412e5418a98fe0f2c177cd8

SHA1
5e246f23cb6c7fa1e53705d5f740d7506ea1074c

SHA256
63db204964c8b367bbbe4a158905b62309032c027fa0f1c0ab5f13bfdc09ae5e

SHA512
4e6f0bf97af277bc8eb3f87048d774a89247b677be008cd21b5c62c74f042afb6fa9b0e4a712092cf2b164de379d89891f37e86da61c5590f9df868041723a94

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
138KB

MD5
7c7d6c1288dba595a707f6455dd3f6e1

SHA1
6133995ace0ec3f7be8d21d633289d2f59cb7602

SHA256
c1bed9b2cec50bea8f5a617e2c9e43997417d5e3935b1d870c57042c9926f878

SHA512
44c25aeb262dbd87eb77fcb41f6ce90ddbdfcd33bd9bae7147fc4803b29b3953e275429248672301627087044bd10392056366291666af5dcb6635983c824532

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads