ffa4fe0fd33d0ddb12fe44b05297dc2ad09bed0cb48d4e6eee73eb999454273d

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
Size

129KB
MD5

5aa09d625a9a578d2cbf133637a8e7a0
SHA1

2445e71855ca3cb86156e15adc5e3fff40398765
SHA256

ffa4fe0fd33d0ddb12fe44b05297dc2ad09bed0cb48d4e6eee73eb999454273d
SHA512

1905d71b0f313e34be0e487d97540026eba063e52600be9219e4631e0f92a25296e253d693a52cb6f634a35a221db809220f35178842d7b1a5a9cbee566b73cc
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXBvjfMfvjfMMfQsblBO4:/7ZQpApUsKiXBvzwvzXJvlwJvli

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3316) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Petersburg.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Paramaribo.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\HST10.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings_0.10.200.v20140424-2042.jar.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jfr\default.jfc.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Campo_Grande.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\More Games\it-IT\MoreGames.dll.mui.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sq\LC_MESSAGES\vlc.mo.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\fieldswitch.ax.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_ja.jar.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ulaanbaatar.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Panama.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsFormsIntegration.resources.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_20_666666_40x40.png.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jsse.jar.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jvm.hprof.txt.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_ja.jar.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\UnprotectBackup.mpa.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\vlc.mo.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\splash.gif.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\vlc.mo.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-execution.xml_hidden.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Moncton.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe.sig.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_ja.jar.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\plugins.dat.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher_1.3.0.v20140911-0143.jar.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-search.xml.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\vlc.mo.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Nicosia.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
129KB

MD5
fef1cea7f987815a1f239a8195fb883c

SHA1
2467cb39af99bc1be3b864f6f2d38413865e0564

SHA256
68caaf362043be105776f771399c954017d6904069551f5d926ac7b1f7ff16ff

SHA512
4e19e0e05f99f1f2fc9e991dcf78c192438bcdb7d9923a50e26180521030bfedc251ca98daa713d3ecefb7b6aeedbdd9b46d30cb5e5191baaf83bbcc8e0e8764

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
138KB

MD5
564b66e1b92561a238995072a22c1a1c

SHA1
1c70305f47bf0ee4860324953e0fb679a02b6660

SHA256
8f9b3e270c92fc0cae4e8d86e8fb8248f9eea84d5051226c771e9a44efdcd632

SHA512
8c51a8fa4a01517cbe69e351837c4270d6cd983d9ed918309fa12ac5ded406930cbb37a847ed5747e9ef34d73acab87caa12662018ef1d30117ba067848574f9

Download Submit
memory/2548-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2548-384-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads