1111b4b283434a8b9bed7cc2fdcb3c639e1cebe419ae260ca321c3629434318e

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 18:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
Size

80KB
MD5

296077f1c1e06b51f0cfa6caa5290980
SHA1

c3305419b4ec78096fc7199d0a5701c2ec181d22
SHA256

1111b4b283434a8b9bed7cc2fdcb3c639e1cebe419ae260ca321c3629434318e
SHA512

3004ae6035d4e37c3da4a6fa014c12084cb9dbb394809c89db0380990b1eda9b30ba779d8ba335f206f5826564f7023d5db64e959c0b11e77bce85e94db6bfd9
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/7HT:6e7WpMaxeb0CYJ97lEYNR73e+eKZP

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3442) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zaporozhye.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_bottom.png.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaudioscrobbler_plugin.dll.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_disabled.png.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.contenttype_3.4.200.v20140207-1251.jar.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.DataSetExtensions.Resources.dll.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Syowa.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwasapi_plugin.dll.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\PhotoAcq.dll.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_zh_4.4.0.v20140623020002.jar.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner.png.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\35.png.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgzm.exe.mui.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_ja_4.4.0.v20140623020002.jar.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\fr-FR\Mahjong.exe.mui.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationBuildTasks.resources.dll.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\8.png.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_hov.png.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Xml.Linq.Resources.dll.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\favicon.ico.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.png.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgzm.exe.mui.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent.ini.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\vlc.mo.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\wabfind.dll.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kosrae.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.ja_5.5.0.165303.jar.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_ja_4.4.0.v20140623020002.jar.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pohnpei.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_hover.png.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\ReachFramework.resources.dll.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\settings.css.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblend_plugin.dll.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libgl_plugin.dll.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\library.js.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_snow.png.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\HST10.tmp	296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\296077f1c1e06b51f0cfa6caa5290980_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
81KB

MD5
06c6f4329bfd4f27aef46d3ab403782a

SHA1
d4550424a807d4187cd46785510b10acba5c9d26

SHA256
f8cf08103c94e7189ab14e82f347f0076f1771f66781ba97f15d0b3754359c02

SHA512
a14d31200dc84a3fb77aaa14195100ea58b83fee2d01448422ef833f5cfd586c6b930b7167c79855e1ca656709c5cbb65e1c25c3cb69daa587c5e7da60c38b19

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
90KB

MD5
a152983e8ef5d5966847445b654abb8e

SHA1
e894be1f21cae257641e95218fdcb47dc89e7caa

SHA256
fa3d193b1972c939261339a6c54d8ced89097733025999013b15dbf61157efe1

SHA512
9f9c731a25f0cd8cc30cc2d4a8892b587a23082cd1db92745ae07cf12baa0ead3de8b4589438d3ddb142fda8f5273b85b2f3ac03b042cdcddae35335652fa051

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads