bf6ef76b0cfbd0cac65a506ae96192fbcd25db8620d09447231e81d594578053

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 18:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
Size

84KB
MD5

c0ae69264b7a87a7838ee70d8fe87db0
SHA1

245637f0d58b12925f63f5b08e4e431343931606
SHA256

bf6ef76b0cfbd0cac65a506ae96192fbcd25db8620d09447231e81d594578053
SHA512

56995666a43254720452166e269d336b851804e3c8be0481e3bfb8db780401851e54ca33c0a0cf9a79ec8d3e7693de8ed6f8538dc9e8af630798192c4a13ceca
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7tJFFxr:6e7WpP9oVLQthbYY9oVLQthbUrt7tFxr

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3513) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\content-types.properties.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mouseover.png.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\setting_back.png.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kaliningrad.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\init.js.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_livehttp_plugin.dll.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_over.png.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationFramework.resources.dll.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libstats_plugin.dll.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)notConnectedStateIcon.png.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\gadget.xml.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\jamendo.luac.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_ja.jar.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\npt.dll.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\liblogger_plugin.dll.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-plaf.jar.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.DataSetExtensions.Resources.dll.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_right.png.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.exe.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_hail.png.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\weather.css.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.p2.ui.overridden_5.5.0.165303.jar.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler.jar.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dubai.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Cape_Verde.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_pressed.png.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup.xml.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_ja.jar.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\vlc.mo.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\PDIALOG.exe.mui.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPDMC.exe.mui.tmp	c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c0ae69264b7a87a7838ee70d8fe87db0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
84KB

MD5
84f8b552d1d79e4b91da7585be0991fe

SHA1
9e67b068a35e2140140c326eed0cb849733ba9b0

SHA256
116b9df78a36e9db0a8c99c24a38e823ea7da86b43292a85dc7b1a5f5c144aea

SHA512
f1ca3680928c83639b66bba0abd7cce8da974ca390307369d80e50522457c38fd826da263d9fc8f19d3162b9bd59d83bab68b7343c46115523debd99224ae8c6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
93KB

MD5
f330294b9ed39c3d3cce31fe98c65b44

SHA1
7271946b3c25888aec59004b6fdf28045406a793

SHA256
6782e9df4958f0a20bee3d7184961aa9142155692e5803fdbba1b8213f14d4f0

SHA512
a9c72f06805c43a57a3f093307f1470a830f96b1f0e4e1aa54e11b8499219e1317704a8a50162eb08f43027091143da2044acd0f14bbadd00edbce92afe7dbcf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads