690d213ad3c2eaea2db4d9747b773c94b306576e72ced522c79a60fd6a0bc219

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
Size

96KB
MD5

03ebeef887b6cfab8674ba1c4e117f80
SHA1

93eb6e10e8b21f92df15278533cbc5bc9bf4206d
SHA256

690d213ad3c2eaea2db4d9747b773c94b306576e72ced522c79a60fd6a0bc219
SHA512

ff54ac1b8b7646a580c0e012c612fbc04374a28b91e8cd5b39d36133413d96765d5545cb0f5a96128dc004a8847dc71b986a8957ebcc0404325b9d9f15d6021e
SSDEEP

3072:6rWpcOPxPke+e3fFpsJOfFpsJbgEF7DMX:tFPxPke+eIJMX

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3441) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_zh_CN.jar.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\dependentlibs.list.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtimecode_plugin.dll.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-oql.xml.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d9\libdirect3d9_filters_plugin.dll.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Stanley.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\ucrtbase.dll.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\vlc.mo.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libgestures_plugin.dll.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\hprof-16.png.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-nodes.xml.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\npt.dll.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-output2.xml.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_zh_CN.jar.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\Journal.exe.mui.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rainy_River.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\ZoneInfoMappings.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\librtpvideo_plugin.dll.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tunis.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.jrockit.mc.rcp.product_root_5.5.0.165303.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\server\classes.jsa.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\splashscreen.dll.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\ja-JP\Solitaire.exe.mui.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\ShvlRes.dll.mui.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.change_2.10.0.v20140901-1043.jar.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-6.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\it-IT\Chess.exe.mui.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.dll.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata_5.5.0.165303.jar.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libedummy_plugin.dll.tmp	03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

Filesize
97KB

MD5
ac3ff04b8c4aa8b4dbeadbf200f9502b

SHA1
b7374df7a5b89091808572eddc45795193611d29

SHA256
5e8e2baa696aeb2eed25eb0c85a62a5b7cfc74d5f821001f39ec777dcb081d6d

SHA512
f9ad8d72afb272cdff0f36a51333e9bef1e721e915e156f046a1abef2179ea1539be0d201c30dc44e543b6e48dc05bf5858701149a920bc2e13a4d2d6821f7bb

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
106KB

MD5
f735b3558dabf396a810ca3e73dddb53

SHA1
f1ed4137bc37a739b1c5d88b04e820e469998237

SHA256
8226c34e79ed546f9e17f1c77ff3988aa63a1baa08174473deb722fca4ba48eb

SHA512
818b86d7962a101bc6e975c24e29ab2f91cb08518249254047d3e8d7d1bdbfb3eb9e9a1224b64264a34a8f7159ac49ca164e1f25e868b82e0f27042b4e257c16

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads