4ee9c08a497115c512d55109e9dd5de47e9136c6c146f49b2141437683075c56

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 08:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
Size

68KB
MD5

80e8bd96ed9c13c5b6f5f84a520807d0
SHA1

b946062d02dd58bf6b68a950a5f907d6a8985173
SHA256

4ee9c08a497115c512d55109e9dd5de47e9136c6c146f49b2141437683075c56
SHA512

24c9c49d38aaaa19fc4b5ee262062df517c636cc0adc16b07d8cda71d00051204f55a7611e037b3231529556894a10e3b6df47c1ea26bf19b3ba1c0f305012ed
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuWnwXuvvnwXuvWY:W7ZDpApYbWjIlE77uew2w6

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3657) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-2.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring.xml.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\nio.dll.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Gibraltar.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\de-DE\Sidebar.exe.mui.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Speech.resources.dll.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\picturePuzzle.css.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter.png.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent.png.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pago_Pago.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_ja.jar.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5EDT.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_livehttp_plugin.dll.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libaribcam_plugin.dll.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgzm.exe.mui.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Nicosia.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64_3.103.1.v20140903-1947.jar.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-utilities.jar.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\ktab.exe.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\application.ini.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_lg.gif.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\smtp.jar.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_zh_4.4.0.v20140623020002.jar.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_ja.jar.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\sound.properties.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Broken_Hill.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\flyout.html.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_bridge_plugin.dll.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\calendar.html.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\currency.css.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\24.png.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_snow.png.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\80e8bd96ed9c13c5b6f5f84a520807d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
68KB

MD5
f1a80d40f9713c34002feb8cabd8577e

SHA1
68a7bbf62e6c7e74d21c8f4daf1b56a2388b8f68

SHA256
3ae712f35a037bc109a50976eb19eca3b567af87c90c46bc50922437a599d2c8

SHA512
46a790341a37febd84bec3e96b1b339f4c24e5c243bd8129d0e24a0cf2e680b0e5f6d2044055c43db5e9f9ad64026231d27719170ea8d8557fe90a413f3e9f4f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
77KB

MD5
80eedfefc292e974dc431ae038718453

SHA1
b0c24a010389b7816c5d3848700d07dad0039ae8

SHA256
d0a3967bcd1bb52e580a9bc49386f0715a4fd0e45110223b7c1457dbe31667c4

SHA512
78f63e0cbfec5783182581471c67e0ecd4651145c09498edb25f348611b7f8f94c10d24e43bc3f091a0881764ee1ebc105a1a5d3a40444946616239cda48cb14

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads