05be7118e7e209319681ed18660b81540e1af841b98ded5c688f135ba329601f

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 02:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
Size

70KB
MD5

617ccdf88b1f49db7be2d57b4f8346b0
SHA1

b2f8ee924225a1d02d5c73954e11e4b5c48431a0
SHA256

05be7118e7e209319681ed18660b81540e1af841b98ded5c688f135ba329601f
SHA512

6411bd3ff43d0b155ebe882469ea60c76a745b63c2b04188c87951d32fc5fde13426ee4ccd774191aa8416e775ad921f5b76d8a720536989633d9f1b773316be
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7tv:6e7WpP9oVLQthbYY9oVLQthbUrt7tv

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3699) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_ja.jar.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\precomplete.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\vlc.mo.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\decora-sse.dll.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\release.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libdeinterlace_plugin.dll.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CROATIAN.TXT.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\DVA.api.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\br.gif.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Melbourne.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libnetsync_plugin.dll.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider.png.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\net.dll.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Monrovia.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_ja.jar.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer.png.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGMGPUOptIn.ini.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ICELAND.TXT.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.ja_5.5.0.165303.jar.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\MANIFEST.MF.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnssci.dll.mui.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\rockbox_fm_presets.luac.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_left.png.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\library.js.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\PPKLite.api.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\stop_collection_data.gif.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring.xml.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Selectors.Resources.dll.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\js\settings.js.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Rothera.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MpAsDesc.dll.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_On.png.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-attach.jar.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Graph.jtp.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh88.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\highDpiImageSwap.js.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\617ccdf88b1f49db7be2d57b4f8346b0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
71KB

MD5
57158a2658ef1b4801978257b1470e7a

SHA1
822a782176ba934b8cc002829a7902bedb6d1c89

SHA256
c63f3592bb1ed0cc6e66306d26c7a5a2616be99c15a3824203d1055351bc1aee

SHA512
95fb62dcf19da525380b94953e01b857bdd6d4cc09b721565304a301169fac6ab50484e95cdfd2495d53572caacb38f58cd96599bfb7e85e51ad10252dba4c3e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
80KB

MD5
aab2b0a8e5214ecc9df1615ac6f0c11d

SHA1
3bb8b88463a9638c995e094c94824f2883231012

SHA256
da17113eebad49376b09c08c7c1be77018880dd299f3e19a883d7ff1a729fc55

SHA512
46bb47a387e2c6d83ba30ee8ac76691a1c2eb0138f5423417ce30dd431241ba42a75d8122aa80d4fb0f9e99c971462baf610750843071cd5774472ebaf439ea1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads