c84271e63f89d0fc1f2a8231458f1b8dac6af750bf274abb7f7db3c0382e6f09

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 16:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
Size

135KB
MD5

24ce08bf7dc5b14b77090cf5151e96f0
SHA1

bc34dc9198cd8ae50ee57eed92cd99dfffa6c7b4
SHA256

c84271e63f89d0fc1f2a8231458f1b8dac6af750bf274abb7f7db3c0382e6f09
SHA512

e828aaca2c6d0d0df31b6cfdbbde51dd5170353dd00837d21b8d39801121d75e82e9525cd4d56eb2506154f0ac5e46091c71c7475ac2afd5fa97c14321307fbe
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXBvjfMfvjfMMfQsblBOK:/7ZQpApUsKiXBvzwvzXJvlwJvltbW

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3442) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\CST6CDT.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Resolute.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.xml.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\net.properties.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libsapi_plugin.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.contenttype_3.4.200.v20140207-1251.jar.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_ja_4.4.0.v20140623020002.jar.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Creston.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Paris.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fakaofo.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-spi-quicksearch.xml.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_zh_CN.jar.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Resources.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jfxrt.jar.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Glace_Bay.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsBase.resources.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatialaudio_plugin.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_120.jpg.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy.jar.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kamchatka.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
135KB

MD5
17ff35440ee7e682abf1c03c6084f1cb

SHA1
c349e29832f73bf4419d7eec51edd60efac0b1ea

SHA256
502b7a55126be90c851e2190a135b6a62f0bcd6ced471bbe2204a95a2d949c35

SHA512
7799d0edf701ddfda4561d2837010f05c74d28804cbdd25e2de44a76be820db7d333cacfd86c4ed4bd508c6a98af6b5bcb71f864c5c52127937f9b73d0c9d344

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
144KB

MD5
5e0f81d566c7568bcca13ba225d7b136

SHA1
805d331cf116187c2c5798e5081df9060fc15bf4

SHA256
d99beb29d36dcebe9fa8d866c43713d7d2467cd18497797dfb709e61052fad35

SHA512
c825a1a6e43746d02e2d92ee8f3517d0fb9b142cdc1132bdbeec13c6fc59eccd409306b63c5451edf0564e637a770b9a4f7adbb6319d54f42c0f626447960128

Download Submit
memory/756-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/756-642-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads