47f3febeb1fd7f914873e08e8778692135208d58f22d39184a7ea28be4dc8ba7

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 11:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
Size

128KB
MD5

02ef1851af0c1988ce9bc64c2484f820
SHA1

eee61dba9aa1a8186ae6c5fe685813dcf949438b
SHA256

47f3febeb1fd7f914873e08e8778692135208d58f22d39184a7ea28be4dc8ba7
SHA512

17e65b24e24ba6afbc9a311ec33520196f185d97648871f6c11eb7855e1505f05d534c68b3c5f40e14f78bd2504b4d467202efd43f13f5476ea738a4514ab0dd
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXBvjfMfvjfMMfQsblBOK:/7ZQpApUsKiXBvzwvzXJvlwJvlA

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3425) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnscfg.exe.mui.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\vlc.mo.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\en-US\Chess.exe.mui.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9YDT.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_ja.jar.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Knox.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5EDT.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Speech.resources.dll.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Athens.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-tools.jar.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_ja.jar.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\WindowsAccessBridge-64.dll.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Pangnirtung.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\Chkr.dll.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsdt.dll.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\eclipse.inf.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_ja.jar.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.password.template.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\cmm\GRAY.pf.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\fr-FR\jnwdui.dll.mui.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\rmid.exe.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.ssl_1.0.0.v20140827-1444.jar.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Genko_1.jtp.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgaussianblur_plugin.dll.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgzm.exe.mui.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.tmp	02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\02ef1851af0c1988ce9bc64c2484f820_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
129KB

MD5
6291c872839da80e0f4f10540c52c97c

SHA1
023d4ec07c543ae3d140bb192eadb3e4e7476694

SHA256
8e727288a3bc59cbbed571bbb9cef887362e8f5b1a37bb528d6d45c774956227

SHA512
cdf110a5a3387ab6321c4a2ae15804c3dcb3bdec109c29e3b18a591b14189119570f325644c1f5fcefa5199233a47e5f3b6072ba848c6a6cbf6be54d4c6c031a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
137KB

MD5
addc3fb580741731eb35b7a70f46339a

SHA1
9e3fb81d03a65f0295bffecf86c8c0de9445907e

SHA256
458912c4887cfec900cc136ce86e9946085d2833ca9833147c8de83444dcc909

SHA512
ffe6842e6f6756111b493c7c6163dc520be5a10c245375947a2af7d3f6af35a3a8bf228204430d83eb4f3dba5d61431ce653c355ac1ae13a394bd0010af9ff52

Download Submit
memory/1964-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1964-530-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads