278b30a0f56c61caffca89f4a202ea39e0ff4f7586dec0fcd5cd85684c22e6b4

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 21:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
Size

128KB
MD5

1a31a0df7fc7f9f2dad6e70cfc1f2270
SHA1

d0ab4aa2d1f8e297838fbeb343f1ae28aadaea78
SHA256

278b30a0f56c61caffca89f4a202ea39e0ff4f7586dec0fcd5cd85684c22e6b4
SHA512

9850ff2a930215e1b052ded217e31f9d7ed87ab73a1f1a4308b3fe3f0ee4b840ce41368e4bd5d32b383500ce4aae9168040f97ece4e085a2aa71b31b41900a44
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXB85c50KPKX:/7ZQpApUsKiX26KaW

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3438) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-1.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Managua.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\fr-FR\Solitaire.exe.mui.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClient.resources.dll.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ust-Nera.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextService.dll.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_ja.jar.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\blacklist.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\South_Georgia.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\vlc.mo.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\vlc.mo.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.jpg.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\es-ES\Solitaire.exe.mui.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_chromecast_plugin.dll.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_delay_plugin.dll.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_zh_CN.jar.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\init.js.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\CET.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back.png.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\java_crw_demo.dll.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\NBDoc.DLL.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs.xml.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.WorkflowServices.dll.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libdummy_plugin.dll.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.attach_5.5.0.165303.jar.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jawt.lib.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.identity_3.4.0.v20140827-1444.jar.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kiev.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\README.txt.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\fr-FR\NBMapTIP.dll.mui.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\logging.properties.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libsubtitle_plugin.dll.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\classlist.tmp	1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1a31a0df7fc7f9f2dad6e70cfc1f2270_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
128KB

MD5
c31452782a794c2376239938b1de3358

SHA1
fe01402c7ae9bec97e52254c234d4743fbd98fc8

SHA256
bd13ec32828d9c700d70bc8384763a76290e1d0014d8d7d2b5e37ff9420a54d0

SHA512
86438ab9bbb37578dd3dde5ae28ea37431e7ec68fccb0c7939a559a88c8ea3a33570b41feaa6103a2ebe1da9d1526f4df447aa49025d4cc86e8168ae6314980f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
137KB

MD5
458b1071c7cd78c2f67247a8a5f956f5

SHA1
5857bdc3054f5239c7f709e830ce3b796b6ad59c

SHA256
a60b92ae013080e46940523ce32f298ed0248548b1c063dbeaddb6fa991a86fe

SHA512
01c5e83af8d2293a4d9bd58e92140f160d07a8357ae5b3098a4bb5d6b0dc5d72ba4a021e217569aa4bdad95c39864c700349c7f39d99040ab44c29d6c8523224

Download Submit
memory/2316-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2316-644-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads