6df31a2aa901fbf7c9f585cae48f7f8687b997b81bae6940151d48071cc96bb9

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 03:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
Size

94KB
MD5

61caafe81ba97b631168c28cfc554640
SHA1

56357636a142143211af066737fed925194bfad4
SHA256

6df31a2aa901fbf7c9f585cae48f7f8687b997b81bae6940151d48071cc96bb9
SHA512

8007c29fa1b56b57edadb61e0ef227d1b47544878c8c600598874900e7f6c2b28268c4accbd44d2c6afb4715f12e93e20a3e6f828b90966d527aed3f3b43406c
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPN5Bpyo:6rWpcOPxPke+e3fFpsJOfFpsJbgEXyo

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3442) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Journal\JNTFiltr.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\it-IT\msoeres.dll.mui.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\wmpnetwk.exe.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_ja.jar.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\vlc.mo.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sq\LC_MESSAGES\vlc.mo.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\wabmig.exe.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_hov.png.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Costa_Rica.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\icon.png.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-lib-uihandler.xml.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_ja.jar.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\US_export_policy.jar.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEV.DLL.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libhttps_plugin.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\PDIALOG.exe.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_m.png.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Design.Resources.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-execution.xml.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-output2.jar.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libstl_plugin.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\localizedStrings.js.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\gadget.xml.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jabswitch.exe.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mexico_City.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port_of_Spain.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\settings.js.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.identity_3.4.0.v20140827-1444.jar.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application.xml.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\local_policy.jar.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\gimap.jar.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_read_plugin.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Makassar.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.bmp.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
94KB

MD5
dfd3bf8a6ed2df7449bb0f86be522997

SHA1
fc715e0f26fd34297296912ba2d73263b56eddda

SHA256
cd38c94b6645552d07752e8321208d24f4f8f0adc761a44cc46d4e39a947ae52

SHA512
2dedbe1a5e62477cee6c0b6b43e3e66947add8a10ac46a0feba4429183960621f8be2244ad1887058a4aa40468bc8144e64517a5a685dcbd4c014187d7d0e00d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
103KB

MD5
d5c43ac50c17dc869ee9e7753634d4f4

SHA1
9b213f4cb87a432ffb64297d36243974d6275a1c

SHA256
18f4818696124b7d79e77a52ca067b25cefcde6d7aea731b484de91243d847d8

SHA512
2492bde2c9698a938201aea8d70820d7cfc237be5d000eaf1ab3335d3c2af3496442ef3309c9c107dc53b1c9fe58a5870cccc39de6d8713b793bc33c514ae0bd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads