c32b106b296e81591fa2c5ced16706f11c12c1dfa460d3b8870b14bb39fbc748

Analysis

max time kernel
148s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 23:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
Size

97KB
MD5

449274f1b5ecb4cd37c9cbf89b07b9d0
SHA1

b8c6c3b9c4f8f87182d0bb172bd1743a4806c971
SHA256

c32b106b296e81591fa2c5ced16706f11c12c1dfa460d3b8870b14bb39fbc748
SHA512

1704b5b672d7cb887aad3650947919ba83c32e998f9c53b5f435c18847aa9149d0c19a648017624b92b29dd5bb7b41be7c094bf48beaa97fdf30e1445cb32cba
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKP76PDlxilxiB:6rWpcOPxPke+e3fFpsJOfFpsJbgEODD

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3429) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_m.png.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_zh_CN.jar.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\fr-FR\Chess.exe.mui.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPDMCCore.dll.mui.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\installer.dll.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Monterrey.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javafx.properties.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_zh_4.4.0.v20140623020002.jar.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jni.h.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler.xml.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Moncton.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\gadget.xml.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_zh_4.4.0.v20140623020002.jar.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\vlc.mo.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_wasapi_plugin.dll.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libadaptive_plugin.dll.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.bmp.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_zh_4.4.0.v20140623020002.jar.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.css.sac_1.3.1.v200903091627.jar.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\es-ES\wordpad.exe.mui.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\w2k_lsa_auth.dll.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdcp_plugin.dll.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy.jar.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Resources.dll.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\fr-FR\Journal.exe.mui.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\timeZones.js.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security_1.2.0.v20130424-1801.jar.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Goose_Bay.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_zh_CN.jar.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Speech.resources.dll.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\oeimport.dll.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\instrument.dll.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-io-ui.jar.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.tmp	449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\449274f1b5ecb4cd37c9cbf89b07b9d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
98KB

MD5
c485b5c317a625091ca3c8cc24eb1602

SHA1
636eff3cb4189ba84f21fa4c4351ea0dfe1e6d33

SHA256
410a88b39e57382da2a49d630c0030eccf72c49af6a1ad5caafd349398f71d46

SHA512
f71b9d0e35961168c697c633e24e8d0c2f89230b2d88808e619cfd5ad6c19e69f124e6de5e8cad2141513b999df097339456b7683e2c00a8ac6d970df4b9572a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
107KB

MD5
beaad80037bf47ef2cdc35084ecb64af

SHA1
a046bbdcf9967c0fff470634c7fbbe0a06604966

SHA256
ec8ca99f24be4cc84c7560f2fd54f71b87fcc8b9cec35cc4f0e008b22e497cd0

SHA512
01b882838cb6389c0962f8c0dcfec6bb305733b38bd4ee99645695bf1e2d6a5173c8e9d3ea6e8c489c8a0f314c9268df14ed7068fd8dec229b7fefafb56272ba

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads