7552fb2fa53fdf5813b5ff69f9d0ddf0d5245689ed8401058fd1b415ae920102

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 06:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
Size

78KB
MD5

8c1cfd795dd88c02993c221a7738fd60
SHA1

b628565e4d4fb48eadc1bc61f8aaba2a106a9f7d
SHA256

7552fb2fa53fdf5813b5ff69f9d0ddf0d5245689ed8401058fd1b415ae920102
SHA512

9f15f1bcad8e969d7621fb0410365ff91861d8148880c9571c723de6e492ad10a524613c84d105484c985b2ff996ccec5f83bc7630a99dad1100f83564f7d679
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/aJaKJaO:6e7WpMaxeb0CYJ97lEYNR73e+eKZm

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3467) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\42.png.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\RSSFeeds.css.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgRes.dll.mui.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libftp_plugin.dll.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\picturePuzzle.html.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_snow.png.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Graph.jtp.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\wmlaunch.exe.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPDMC.exe.mui.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\setup_wm.exe.mui.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Juneau.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsFormsIntegration.resources.dll.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.RunTime.Serialization.Resources.dll.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ogg_plugin.dll.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\avtransport.xml.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_h.png.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\gadget.xml.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\jsdebuggeride.dll.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\cli.luac.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\WindowsAccessBridge-64.dll.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\localizedStrings.js.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ACE.dll.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\npjp2.dll.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotiondetect_plugin.dll.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings_0.10.200.v20140424-2042.jar.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.server_8.1.14.v20131031.jar.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_zh_CN.jar.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\README.txt.tmp	8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8c1cfd795dd88c02993c221a7738fd60_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
78KB

MD5
1f2650ce4e90eab4afe0dfd46e8e2ddf

SHA1
fe83e9571e2796d1efa307b6177f526f35b6f435

SHA256
a52185cf24dcdb3abfb112b157f1c0cf155f911c79ba8b2f5ff7552088db0d06

SHA512
ec9326ee91a8a6159657988be009250f71a293cc1fccb0ad8250031ea040b2381e11da367edb189bc79c3422bcaa5daa8f3610d7d25aa05d0c94ad7383112d0a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
87KB

MD5
0df4d7715d0d69635407877293b94f96

SHA1
12055c9dc512fddd06d0113f8a965fed27c45a31

SHA256
420578a46f39c4f6e88f31f17507d8aa321a3a7853b46ce5e550b51a24c937cd

SHA512
d154cc3250c217cd8859d006d9580c82ee0c19eaf7d54f6bd7e98f69cd320f125fb6f09bbcd83c058f1a04aaabafd3cc37b6e58104f8c4d41c176cfd2b883835

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads