3ee72d2a46b16b007fc31a5586d50d50f65451482461fdcf9f995e717633c27d

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 05:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
Size

93KB
MD5

86dc41d03f622705140c7b6a71967fd0
SHA1

d22314168952740391b70c934418c2f5323a45c5
SHA256

3ee72d2a46b16b007fc31a5586d50d50f65451482461fdcf9f995e717633c27d
SHA512

a4e9be4a7bdd3a4aaf6227866cd586a7c9a9f2a55422e5e6a1686481bfae2c2683843c742ebf8af9ae5aa1a8c8a2a6459b768f89dbfd926c633d0d34655b0692
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKP76PDn+I+9:6rWpcOPxPke+e3fFpsJOfFpsJbgEODm

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3440) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\eula.dll.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Design.Resources.dll.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\spacer_highlights.png.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\main.html.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-windows.xml.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\jnwdui.dll.mui.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPDMCCore.dll.mui.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\clock.js.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\EET.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\vlc.mo.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmlaunch.exe.mui.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\JNTFiltr.dll.mui.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\settings.css.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kwajalein.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property_1.4.200.v20140214-0004.jar.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_foggy.png.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qyzylorda.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Darwin.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\gadget.xml.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\ja-JP\PurblePlace.exe.mui.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\15.png.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_thunderstorm.png.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+1.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\telnet.luac.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\css\cpu.css.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_ja_4.4.0.v20140623020002.jar.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libreal_plugin.dll.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\NBMapTIP.dll.mui.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\gadget.xml.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_docked.png.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baghdad.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_ja.jar.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\weather.js.tmp	86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\86dc41d03f622705140c7b6a71967fd0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
93KB

MD5
0ce601f0bdfba9cc640627c944a18f37

SHA1
e7c6183827eafec4cad9a6ccadcc7debc483281b

SHA256
15b46ab688d4cde6fd45fb25bbbb5e837c491390b061d6be07541ecda017bebd

SHA512
d9bcde02749c88d02bd435b7fb5f56c98df47215591e221f8ada96a452b3ca3ef49024c08bb8dca8f527f4f6c7bba302b38ee9dd22c5effca5a535b1d7e9e894

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
102KB

MD5
fddfea0cc4a54ad11f9651c20701b82e

SHA1
db77da2d78c8fc9805cfca3c2cf472786d7a28a8

SHA256
ed34b7b26d7bbe52186026b6040831becf6c07e6f4b66525f48c7421ff424339

SHA512
7783be364b8d04104ef783b2190bd6193adf629cfc2e3e42e05dc145369d2ffd504975be0729a3ee2074f7f2c446796faa9ca44406e16fb97f326d1f76fc4427

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads