3c9542d93a73f4f7403e16e34cc12a76cd5a83f1908ad2c971c42b7b1b99707e

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 05:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
Size

112KB
MD5

87a0482be83dc9a299d4653819d29a00
SHA1

1756b9338a8ead5aecf00780ac0b54cfe1ca591f
SHA256

3c9542d93a73f4f7403e16e34cc12a76cd5a83f1908ad2c971c42b7b1b99707e
SHA512

3b82aa00dc964ccc05fefd212a92c81b2bbe5b65995a763707793b0a02d5c3e2770242642d7142bab914c48a5a9ee3adcd45a9dffff5c7adb7e929a29c70e51d
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXD:/7ZQpApUsKiXD

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3425) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\vocaroo.luac.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\it-IT\TableTextService.dll.mui.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Speech.resources.dll.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.properties.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaudioscrobbler_plugin.dll.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libgnutls_plugin.dll.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Reunion.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_shmem.dll.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core.xml.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Royale.dll.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MpAsDesc.dll.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\libfile_logger_plugin.dll.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_zh_4.4.0.v20140623020002.jar.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yerevan.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Simferopol.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5EDT.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Perth.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6CDT.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\vlc.mo.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_zh_CN.jar.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Campo_Grande.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\vlc.mo.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench_3.106.1.v20140827-1737.jar.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Inuvik.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\ONLNTCOMLIB.DLL.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-visual.jar.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\F12.dll.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_ja.jar.tmp	87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\87a0482be83dc9a299d4653819d29a00_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
113KB

MD5
0fdd92602dd4ae86f00f2a9bede48584

SHA1
ef19099fc5ee6e7ed7f2c0cd7c61b064372d5c7d

SHA256
a46160767432bd7ff3f0c9aacd45e6993dcd8bf2c76af0885932f8dcf0496f9e

SHA512
955154a33338557f705c464c0e9888effb4701e9d8615643e80ad7b3f29419122e98ec667537ab62f2e64a2e06258dd7cc61af78f188b219c99f2d342f92b934

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
122KB

MD5
b190524a19cd070bfb8b71e6fb0663ea

SHA1
2b62c697172eb9c5ae7f04babacaff4f2c843183

SHA256
d32bcdaca93aaff6a3cf163eba9c8d82eb5009d206dd3cf7008928fd72378f0b

SHA512
ba81adf65fd357a9d885f929103a95cfabaa9b39aecedfc6a9373824c5ed64500c4c8e440c20e13b0a1f6fd62edcffaee42f6da1e00d58ebccba6e42e40acc10

Download Submit
memory/2368-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2368-594-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads