58429a980480428053b2359a2f9729932f544f99e1c9cf503a51a4087fbea805

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 05:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
Size

104KB
MD5

71b4a290786aeb2052f4f0befada2780
SHA1

9d37b5e41369b457049293277fe87865bb352c72
SHA256

58429a980480428053b2359a2f9729932f544f99e1c9cf503a51a4087fbea805
SHA512

de03bdee61ac8d05b8af85e92f11fb97df45188f021c430e33b9434fade9fc3e975b4d529fc2773b2722fdc3f164a11427d1c8708d212c6c5c584de6bf569e45
SSDEEP

768:W7BlpQpARFbh2UM/zX1vqX1vLFB5W5pYJIJDYJIJOO6O2lpHiJOP25LqrH5HiJOJ:W7ZQpApjIWe+eoO6O2lpiMZiM/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3432) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\sa-jdi.jar.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Matamoros.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\installation_telemetry.json.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\ja-JP\MsMpRes.dll.mui.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsdl_image_plugin.dll.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Fortaleza.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvcd_plugin.dll.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.dll.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-modules-appui.jar.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libsharpen_plugin.dll.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Management.Instrumentation.Resources.dll.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Dotted_Line.jtp.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm_cmd.xml.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libimem_plugin.dll.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libkaraoke_plugin.dll.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d9\libdirect3d9_filters_plugin.dll.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\en-US\MSPVWCTL.DLL.mui.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.xml.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\pingsender.exe.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmagnify_plugin.dll.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\IEAWSDC.DLL.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Noronha.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_zh_4.4.0.v20140623020002.jar.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\en-US\PurblePlace.exe.mui.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.sig.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\plugin.jar.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application-views.xml.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\nio.dll.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2.tmp	71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\71b4a290786aeb2052f4f0befada2780_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
104KB

MD5
8e928a17d70a325391220ed12ea79f0b

SHA1
dbe0faedce620a5e4a312bee3abf66c2453e702f

SHA256
422e2036deae34ea48871baa26a8b714be95c9a1d6267701ab1a1271373c56aa

SHA512
c12640d3cfc61a14ae1488f75a569ebf3ef91688812cdd31e0d901302829db3f3ef399cd085de4409873cd26164b3ba38bf69edd1333504f63321c0f93a1df56

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
113KB

MD5
1b4f56a9d459338166cbb178ee0d2c17

SHA1
a8fb8cf29739e11a7657b38d6e073389fe83c8dc

SHA256
1c833c0f884197a18c456c0e36555d54217e388bb161072c430b7616e9e2f199

SHA512
391069368d27160bd892fc67a3702e8454db767a82f37ffb380208711570d7a6b26fa08f43e8ea14c7cb24a2e0a4fc2fd09891eebe71c33a6284421b32ca7b1e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads