52fbbb3003165b91b24f64855ffca24b8b66d9cbb202099238b089f73205eb88

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 08:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
Size

55KB
MD5

aa9b804955aa4cfc0a36bf0963470060
SHA1

2634ed575fd6cb5baec49e053fa552da0033527c
SHA256

52fbbb3003165b91b24f64855ffca24b8b66d9cbb202099238b089f73205eb88
SHA512

c5fb1c88029cae8a61754ebbb008e0b4e9c5f30faf5c9125b6af71652b3b191602cbe0f796d3f6f4e453ba84ff5d1f18c8e0ae73833bf415ae3c00cecef2140d
SSDEEP

768:W7BlpDpARFbhYQkQjjLaManvFNFO/Ms5Ms2F3Fxve:W7ZDpApYbWjCDOEve

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3689) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Mail\fr-FR\WinMail.exe.mui.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\clock.js.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\logo.png.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\vlc.mo.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\css\calendar.css.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\gadget.xml.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_WMC_LogoText.png.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEV.DLL.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\settings.html.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libvpx_plugin.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\calendar.html.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\keytool.exe.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\fr-FR\Journal.exe.mui.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views_3.7.0.v20140408-0703.jar.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\VERSION.txt.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Auckland.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_stl_plugin.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.annotation_1.2.0.v201401042248.jar.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Design.resources.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\cli.luac.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\de-DE\sbdrop.dll.mui.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Krasnoyarsk.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.fca.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\service.js.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libkaraoke_plugin.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\ContentDirectory.xml.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_ja_4.4.0.v20140623020002.jar.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\PhotoAcq.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\settings.html.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libtta_plugin.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\profile.jfc.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\jnwmon.dll.mui.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\Tulip.jpg.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Monrovia.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
56KB

MD5
010cc763ceaaac85210576ecd44062cd

SHA1
bc23476a886dbec7421bacfdcc32391a0b51f73a

SHA256
0f1d66146264e31a8426e986b14ce89308bcf9155acc7a9b765d6d7e96817e0c

SHA512
1879ecfe5317b1185a60cf91bb62d66b4fd06b4d2eb6adf4d1fca2302f5265378825e6a129f973219074caf02711d72d5e5d3c736ec6871eadd82b5ea2d4b5a8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
65KB

MD5
566270f15865d95cf9bbb58916a58d6d

SHA1
d4406e7af437ddb39465811e59a2673562af6306

SHA256
5a14d4b8dbced33b7d5db8fff281d20d66d9678af31e239cfce08929cad07d50

SHA512
ff53914804476e0233dd848f5d318b0c36b5b6fd27dc338a4b703a6724ed2715e030d2d69ce341d12a942615129e462308ed480e2cc911cd50bb9f4881d26b6f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads