47632db62756e788dfa79c487d82aba76362748f0f7a6502ef4d301afe7b2251

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 20:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
Size

95KB
MD5

0101e8bd91eb75a3de3ab5ba5d420c00
SHA1

2ef0a43dfadbefb4be8535edf03f62aa1420d673
SHA256

47632db62756e788dfa79c487d82aba76362748f0f7a6502ef4d301afe7b2251
SHA512

e68dc46bdd68119d4a16262d68739650934298849d6764b48a284c58984c453a96a833ac95120dca981b56f3330c23907b02747003ca3480b582945798dacf99
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKP26n:6rWpcOPxPke+e3fFpsJOfFpsJbgER

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3450) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_ja_4.4.0.v20140623020002.jar.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEV.DLL.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Honolulu.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-templates.xml.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdtv_plugin.dll.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\logo.png.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\cpu.html.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\gadget.xml.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\WinMail.exe.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\33.png.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\org.eclipse.rcp_root_4.4.0.v20141007-2301.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Linq.Resources.dll.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\spacer_highlights.png.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\cpu.html.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Other-48.png.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_dot.png.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\picturePuzzle.css.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_down.png.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.ja_5.5.0.165303.jar.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_description_plugin.dll.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnscfg.exe.mui.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\fr-FR\wordpad.exe.mui.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-api.xml.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationFramework.resources.dll.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\js\settings.js.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\settings.css.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\21.png.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\timeZones.js.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\gadget.xml.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\vlc.mo.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\de-DE\wordpad.exe.mui.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\gadget.xml.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar.tmp	0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0101e8bd91eb75a3de3ab5ba5d420c00_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
96KB

MD5
80080c760a1bed2f6d05d367614b19ea

SHA1
94baec9c4ce9b47ded30e596fe2d4c5707e1c8c1

SHA256
9ae2df760a6157ecdbe8f299fba789f4686bbd20f61f8814c979c3867890c793

SHA512
5aab0a06bd7dd664755834091dadd5e57e44f199814ddedb63137d915a1b11d8f2285996ec4e0fc7c8c14b98234d56e04143037ca0b60b6b2a0f3be040f64c0d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
105KB

MD5
833a12433dd6d92a4c22ba2e43b249f5

SHA1
ee18bb88d97de6fdf949d44cbbcf8b181640e7da

SHA256
6b6fae6f1d347fda81264285f8631747c0ded885eb3762b664fdf55547aa4876

SHA512
be6b578ff0371be8059b28df6cd218815070e44a72d80755778e1cf4cd347351193dd0aa92cb6f50e77e85fd130884fb35cf5bdff79752854544bf03c57e1317

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads