934d525563b1489ec27d6672b37a11fb1436ea58cf0de588ed6a33752e87e8c1

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 09:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
Size

73KB
MD5

ac7969c6634b52b7b26b8acf7391e150
SHA1

b3a8570c2f2f7c2b7a662aab5931196001ac3aed
SHA256

934d525563b1489ec27d6672b37a11fb1436ea58cf0de588ed6a33752e87e8c1
SHA512

7315197bad5680e35e2fa2689cc17daa2eb6b0b523664f8ae3eb0e5e3c07ed54bf4495c495f83a772b5d3a7087791096663c08f85132ec01739a5a18e300135b
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyumxDnKIxDnKfoZon:W7ZDpApYbWjIlE77uADndDn2aC

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3500) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\it-IT\Solitaire.exe.mui.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\RSSFeeds.css.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\hprof.dll.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_ja_4.4.0.v20140623020002.jar.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-loaders.xml.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+7.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler.jar.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Catamarca.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Fortaleza.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Troll.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Magadan.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmlaunch.exe.mui.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\currency.css.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\RSSFeeds.js.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\localizedStrings.js.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\chkrzm.exe.mui.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_s.png.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnoseek_plugin.dll.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-ui.xml.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Melbourne.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationBuildTasks.resources.dll.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\WMPSideShowGadget.exe.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\meta-index.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\locale.ini.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Design.resources.dll.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\settings.css.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\css\weather.css.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Macau.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\flyout_background.png.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_over.png.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Goose_Bay.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d11_plugin.dll.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libprojectm_plugin.dll.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\slideShow.html.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\32.png.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT.tmp	ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ac7969c6634b52b7b26b8acf7391e150_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
73KB

MD5
6ffad7b53a5baa1040ff6f2272cb95ee

SHA1
12b188cfb1eaa7036a5644af12fa08e663b8e20e

SHA256
31a876e078decfcbfab1da3d2e80766e9ec6528c0029a6a7fefedb5e1fbb8086

SHA512
98e9c2508366051801987e924d8fd218231a040d951c32d9954748fcd70158b2a8fd5d0cfe6d0dc1c76e5c6b6f992bd7992f0f70c3f279a7024deb682cd8067d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
82KB

MD5
077339b468681b99e5a2683924dd9528

SHA1
71701d8325cf2b8ac9e49798c46f446fabc00de0

SHA256
0de37873cce081a18b34706be1b3474521bfceb7cc40605b97cb0cf2f529282f

SHA512
88bb0ee6fd772f9381240b2d6aa9e0c2801f5a8c3ba5968ec45f744ad0507bd862ad1cad3dd3c02d8fb878692256d6a6988d1ddfb87c52e383e97136ac0cbb44

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads