86d137578fd618653150b9f1fd90f70e7c9eb588b3dd61309ea5a4621d60e396

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 18:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
Size

50KB
MD5

c0fc3af14668e55f378a3a8b2f929e30
SHA1

ef3e85860b2e1d706eb5bd03c2694cbb1fed2006
SHA256

86d137578fd618653150b9f1fd90f70e7c9eb588b3dd61309ea5a4621d60e396
SHA512

9830b887a19b130d9451a74607a50fc477aae7b05aa610ba8407a91c5c806c1e84e6884c0e91503dee2a235fec534851bea7a2cdbf061d522f2bd41a3779db99
SSDEEP

768:W7BlpDpARFbhYQkQjjIXYvPXzWPXzK3733uF4J1011:W7ZDpApYbWjIoPyPoLzO

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3736) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text_3.5.300.v20130515-1451.jar.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\wmlaunch.exe.mui.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\SaslPrepProfile_norm_bidi.spp.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler.xml.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\RSSFeeds.css.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\gadget.xml.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ulaanbaatar.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-desk.png.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_h.png.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\launcher.win32.win32.x86_64.properties.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\unpack.dll.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\es-ES\msoeres.dll.mui.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui_4.0.100.v20140401-0608.jar.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File A.txt.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libnfs_plugin.dll.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\setup_wm.exe.mui.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_sun.png.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiler.jar.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\dcpr.dll.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\wsdetect.dll.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mauritius.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Printing.resources.dll.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist_jstree.xml.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\timeZones.js.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\css\settings.css.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnssci.dll.mui.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_hail.png.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.password.template.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\speaker-32.png.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_dummy_plugin.dll.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libyuv_plugin.dll.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_foggy.png.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationProvider.resources.dll.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPSideShowGadget.exe.mui.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty.png.tmp	c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c0fc3af14668e55f378a3a8b2f929e30_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
51KB

MD5
aca52a46ff273fe4911bd6eae2ef1185

SHA1
3968ff72e2b3db1858c25e68e4a79fc724671c1e

SHA256
2bb41046605497762480ba97b43d5430b3e94286e6349f6ae4e7de85955fc36f

SHA512
88e3b74fb05948a2f782a9c70df2b639e3341e0b0ca00e8d17a2bb86a56c77c4f1e990fc5399db4184f827247c99302aff5b9986b5a06361977809d475094d51

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
60KB

MD5
51839a6722f16eab24acc64b65589a82

SHA1
64f102610b52b79625f5a37d6c636e0f2554ac17

SHA256
37b6a7875a2ef2c937ff0a692eb4b367408199ebcb9e34a8472e61eff8fb9a4f

SHA512
3d6bb0bb5bded9469c71f74730a2df16c4cbaca5b6448d94ad698094855dbc45d439afb54e8d81fac76fd7e242799d631e2a12782d6026ffa7cfee8adbc9dabf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads