350ec63b88918b543e9c41dd70624c825734082d43d7f375f4309c7af9ba04d9

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
14-05-2024 17:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
Size

128KB
MD5

cec4354c159565bc85ce5f757badfac0
SHA1

1ad518be3007b86e41e98792aa2c07ded50abb9e
SHA256

350ec63b88918b543e9c41dd70624c825734082d43d7f375f4309c7af9ba04d9
SHA512

22463483b764d9117fbf5eca7bc0de9783684d1550ebed8a2d05ac9c401f3fef9b01127f4bcc468032fc3cfd2d0a74d9178b119f3522f2b98f7b4fa2cfd02fb2
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVzf:RqlIyFESWu0SWuGSiUT

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3454) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_zh_CN.jar.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\vlc.mo.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_zh_CN.jar.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnoseek_plugin.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chihuahua.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Palau.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Paramaribo.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\mozwer.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\ja-JP\Mahjong.exe.mui.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.lnk.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\vlc-48.png.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libscreen_plugin.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_zh_CN.jar.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\More Games\es-ES\MoreGames.dll.mui.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.jdp_5.5.0.165303.jar.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-applemenu.xml.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_ja.jar.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui_5.5.0.165303.jar.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_zh_CN.jar.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jabswitch.exe.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cambridge_Bay.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ho_Chi_Minh.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\install.log.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jsound.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libalphamask_plugin.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvcd_plugin.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
128KB

MD5
338ab82aa4e0123a9e9a362c96224fb1

SHA1
77158c1f506ee5dabbc0e6a27752711a07828c16

SHA256
09054c16b295d761bd548aa3e725bdb4607206bdea5a9c8527f5809b1f6f2c9f

SHA512
06cc5ad9033c6450ec5686bcddb5e74d1038cfbc578dca2e00d0abe3f4e3de1465009d1a32e974d55c82a7a3b241337f233c53ac6da42b307be3edb964fdaa1e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
137KB

MD5
489a368d267aa5ab8dbadaf55b85db2a

SHA1
24b7603d739319b4815994345d912df858a04d9a

SHA256
8dcf18e8f1d6295f1f53fd55687285aa3d7c98ef6f725f71c05a9af8ff3e0409

SHA512
d67e764650c1660909e0276ce1c817ad9f4655ab8f5f5878cb43b3997f161f49c66f3230d23ab44caf4f1319e625e5bbb1db024f64a53b9a0a8734dee20ce772

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads