d414afe7c36fecd0b3b558bf933abd8a21a005a114b53a0e205b1d083884e026

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 07:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
Size

121KB
MD5

a836891dc59f5e7aa8343c1ed48c4140
SHA1

25fa0dc50251ad966bde7e368cb3398fd021e367
SHA256

d414afe7c36fecd0b3b558bf933abd8a21a005a114b53a0e205b1d083884e026
SHA512

eed63a7616de377276f7b5efa7cfee8676cc360cf5c346972645b852279ecfe546e6b9a02756aa8e4849e00ca0a6a47c098d9535631d46868060e3c32a18096a
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVzl:RqlIyFESWu0SWuGS3Sc

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3429) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata_5.5.0.165303.jar.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository_1.2.100.v20131209-2144.jar.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-api.xml.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-nodes.jar.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-queries.xml.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_zh_CN.jar.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\awt.dll.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belem.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5EDT.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_ja_4.4.0.v20140623020002.jar.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\ui.js.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\release.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\en-US\FreeCell.exe.mui.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmirror_plugin.dll.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-keymap.xml.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Monrovia.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_zh_4.4.0.v20140623020002.jar.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sa.xml.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Martinique.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_zh_CN.jar.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\JNTFiltr.dll.mui.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.descriptorProvider.exsd.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml.tmp	a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a836891dc59f5e7aa8343c1ed48c4140_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
121KB

MD5
087614ec5924e998406024e00c47b562

SHA1
b910819041b7312a845133f314a6f128991fddb8

SHA256
3f3a6090bcc77861e1f45f6188556227ef129d2c6839622917642a530caf80f6

SHA512
938e0006dc91afa0ea186cdd87d556471a1042d56614ebb73269bf6b338960a76e2ef4318eb66af54f0ad0d80817370049d90d0f357deb26e6e3f6c914f0fe1d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
130KB

MD5
68df41489ecf59ad6284169dd446ff1a

SHA1
67f5547c5d4d6306d9cfe6854d23639d03ef71e5

SHA256
fd31f2480e248bf9716d22dc470c998cddf9738b5f0cf730872336eaa880ff09

SHA512
a1ab3d1bdc3bfc94121dabf0247998ad209d0ac0f48e954743c3548e770eb5b03f8916f69a947f5b7e06bf59a6804d4df5f2615aff0e89e8fd52ec95a8d6bd1d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads