86fb4d6668278ff6dce0dbd2b1a6cb77374405575364dbe3c100ec2daf240537

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 13:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
Size

81KB
MD5

c97596287f3080641a4dad7a93e03030
SHA1

48222fccba6d78d527fc461fa3c2eee010c8d4b7
SHA256

86fb4d6668278ff6dce0dbd2b1a6cb77374405575364dbe3c100ec2daf240537
SHA512

8a90af98066763b00d0270ba2e94d6bff8ebd601b3650c21586736b18742cbf95251a86a5e513da0a5b0f7dab30f52625ec461f069784b19cda91a48b3a62f00
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/ejJZJ4:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0z4

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3436) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\gadget.xml.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\notConnectedStateIcon.png.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_foggy.png.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-settings.xml.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-api.xml.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.ini.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmft_plugin.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.bmp.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssLogo.gif.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libtdummy_plugin.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_zh_CN.jar.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Efate.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\de-DE\Chess.exe.mui.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\calendar.html.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg.png.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_cloudy.png.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.xml.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-api-visual.xml_hidden.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\telnet.luac.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\cue.luac.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhds_plugin.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\settings.css.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\it-IT\Solitaire.exe.mui.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libstl_plugin.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-3.png.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\settings.html.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives_1.1.100.v20140523-0116.jar.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\currency.html.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\picturePuzzle.html.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_down.png.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\it-IT\FreeCell.exe.mui.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\settings.css.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baghdad.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kolkata.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\libfile_logger_plugin.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_rainy.png.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
81KB

MD5
fc458cf49b7a87a8194918362f3d7534

SHA1
67849b698485f62b8a36cba7fb4112eec6852d5e

SHA256
70d3c78f3efdb19853a262134b62be5bdc3d0f059a7b3871ad1a52928ad474a6

SHA512
94fd80cd8225a0b837fe1425d9e444da2792ef08e73cada6e0e94c20e36bd282e3f266f65d12a79212730fd4c63f31623e54ace9e931c0ee87a4e5a0c393ad71

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
90KB

MD5
b221d6bdd0075efc7d85509c5cef30f7

SHA1
82d62891158adec94be8db9fe7d0abcdfb5b771c

SHA256
bbf33ba2bca3f7513a938aa7e947284f724b35312694f71b9db88b9f22afc16b

SHA512
be8b4873d229ce7aaef53c3688b8dfbdd3cf4ee14df381bb5558e7786151200c152899325cb606b9880d6807fb9ef37fb61d229d99c4e69658c7a4e80d13e37f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads