9a38ab1de3991ff6ec8621671c1e3725c006026f64d6ded9a905086d84b47bb0

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 03:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
Size

209KB
MD5

75f985977085a5f1da0948970c14ac70
SHA1

83c06dd599e1decf114b284a258d3dfab73ceb80
SHA256

9a38ab1de3991ff6ec8621671c1e3725c006026f64d6ded9a905086d84b47bb0
SHA512

6f98bef73eb8d64740fa03e69561544881897fb05af5824cfe569e88c26058325ac1830a64ef335d8f251d2cda4b856daca815aedcf5e5d91d73eb215fa8453c
SSDEEP

6144:RqlIyFESWu0SWu2shFAC2jnkbOupvuv+qM/qM1:tyosbpankbfcvK

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3052) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-modules-appui.jar.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\icecast.luac.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Manaus.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Design.Resources.dll.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_zh_CN.jar.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.sun.el_2.2.0.v201303151357.jar.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-private-l1-1-0.dll.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Merida.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kabul.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-api.xml.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_zh_CN.jar.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Design.Resources.dll.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\fieldswitch.ax.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jabswitch.exe.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yerevan.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fakaofo.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ChkrRes.dll.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp	75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\75f985977085a5f1da0948970c14ac70_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
209KB

MD5
0c9eaf706b55643ae54935472439e824

SHA1
69eb12d4f0be7e993df758922a04f66fc6b8b307

SHA256
6e6129b3a29134d92c4d2f1ac355eb9e638c4e63d14bcb02062ad04aa9d5c25f

SHA512
4c009f592e8e098d0df6a8873c885fef3b659d2114cb45bbaf50326d6e8f175a8c852d78ed8204fc0621dd8ecd5b08aa5fa01333c3880d2760e74168ae5e446d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
218KB

MD5
eaf86d25d7480fa37fadef61dd28749c

SHA1
5725d499477c43754e4beb952b202f95dc622fe0

SHA256
b3322836ee32e528f40e4178c28e64d68aa98aef8ffb8dcca9af9511399eb3aa

SHA512
a537112ab257789f26178d7eb4e722a13c5b62d274cb06557f938b745de23a0b8177a354976a30a3f08cb515f2b9348e50ee277e8401436ac289abd7347b0739

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads