f3ae7cb712bd3e5eb3f57fdad6f136459819d531e649ead822732ae04cef5e13

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 17:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
Size

95KB
MD5

04ea36716801e5a3376f1ca4e2e9f950
SHA1

b67d7cafe907db184345d7dd75469e344a6a3309
SHA256

f3ae7cb712bd3e5eb3f57fdad6f136459819d531e649ead822732ae04cef5e13
SHA512

2d39d1f3717219143ada8cc97ed9c0ff8e99ef990e5d0afa05c089964dd85d96ef8112a171d50f472bb2db45cc633bab806d714bf0bdf9b58676f8f44a2f0270
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNP9V:6rWpcOPxPke+e3fFpsJOfFpsJbgE59V

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3450) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\America\Puerto_Rico.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Management.Instrumentation.dll.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Magadan.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_ja_4.4.0.v20140623020002.jar.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-snaptracer.jar.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_zh_CN.jar.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\wabimp.dll.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\es-ES\ImagingDevices.exe.mui.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6CDT.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_zh_CN.jar.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsBase.resources.dll.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\vlc.mo.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Petersburg.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\picturePuzzle.js.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\17.png.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationTypes.resources.dll.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\EET.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm.html.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\keystore\libfile_keystore_plugin.dll.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.png.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.service.exsd.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.RSA.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Noumea.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Management.Instrumentation.Resources.dll.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\gadget.xml.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Genko_2.jtp.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\gadget.xml.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\flyout.css.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\vlc.mo.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new_partly-cloudy.png.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_ja_4.4.0.v20140623020002.jar.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Noronha.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\04ea36716801e5a3376f1ca4e2e9f950_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
95KB

MD5
bc0f3f487f549f0c91f80a0891ab8511

SHA1
63e87b50f65525f4f0279e3d13a03a7be796b3a0

SHA256
faf9f1ca45cf115725b780623577ed59ee58f52b7fa5af9bd03f64fb282ff4e8

SHA512
4e9fc589873ab524b03d176b0a1ae618bccc6e5ef3da9bd81435bffb7c664fd1aeefd5b9e2cacb963eabca9d3ba56e60cded73f92ec590d5935a1231bf1fa702

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
104KB

MD5
0755dd7fd4692a5ff8f4224f11251ab4

SHA1
e12ddb4881bc0e25f29d5093de30b4b5910dfda2

SHA256
ca38ff3cfa93334721b7c36c673316880a9953d28d405139280fcd56a9613ec7

SHA512
4c9f0373b61a21e2b8af0bd4ee974c95e6ba6ff39ebf0e5ed5c0700a8700f1ff74705c47572489b9a1f6e200eca0a352f004084402ea87e37b322d63737bf564

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads