9db3293defce2f326d4a9757eb26e2c0f71b27a6aa2b8940fe77cf1806a848e9

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 19:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
Size

72KB
MD5

30bab38ca28f5ace1a9da25c33caba40
SHA1

1a58588b6e7076a098a6b6e120c04d1cc722bc2e
SHA256

9db3293defce2f326d4a9757eb26e2c0f71b27a6aa2b8940fe77cf1806a848e9
SHA512

09190e9f5c0c1f8bf343a6fd7cc26893602843a000bc7e1be87d2faf1dde792841a7740097b633ed2f8cfe79185f1aacf3bead179be26056d7073aa40be84c90
SSDEEP

768:W7BlpDpARFbhYQkQjjLaManvFNFO/Ms5Ms2FjJk9O7X7vX9O7X7vR:W7ZDpApYbWjCDOcJO

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3751) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-today.png.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\clock.js.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host.xml.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Speech.resources.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Esl\AiodLite.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-actions.jar.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.lnk.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\MSPVWCTL.DLL.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\flyout.css.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\cacerts.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationFramework.resources.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\ja-JP\gadget.xml.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\25.png.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\ja-JP\Sidebar.exe.mui.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-outline.xml.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Campo_Grande.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Monticello.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_settings.png.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.WPG.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpsychedelic_plugin.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\MSPVWCTL.DLL.mui.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_m.png.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmlaunch.exe.mui.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmpnscfg.exe.mui.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_zh_CN.jar.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-views.xml.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\currency.js.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_transcode_plugin.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sw\LC_MESSAGES\vlc.mo.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\js\calendar.js.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\css\cpu.css.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
72KB

MD5
bb669810d007d2baf4329c2385e35bad

SHA1
042985627209e4fcb55098ef4037def90b276eb6

SHA256
51800e0dccd44fd9c724149323f9aca2eabb61e1c51ac5e6ac776ee81fa3e26e

SHA512
6aa60f705dd35d2cf2ea37289d89ac31ddeaf70d349eba55def3b2e3491721260f44102966241a31a334b57602f84bf6e1d9ad789bf61d8cd4788146003a780b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
81KB

MD5
e84ad56c7fc105728891b49a1682b3ad

SHA1
0a7552cbade8941fcb7d08a3b0edd008a18bb91a

SHA256
ce7e0dbf981b3a35c69cb99487f3587134acdb57bd0027e1d1d3a73f36a4ed4e

SHA512
84c8c5958cb0059b8a264112a7c645554a950ce3879ac8f460934e494934b452ee15733502d3e35a025f278ea00997e2212a2e55b09ffd627a9fcd073da6a214

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads