004583acc7681d4f997fc62b9cb6fcb59f8290f63cd375e1c4e4b0b1f1e49bca

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14-05-2024 20:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
Size

89KB
MD5

1ac31a5321a7141acd17703fec645d30
SHA1

b13fa44d249bcbe5bcf1234c68d18d66f8855900
SHA256

004583acc7681d4f997fc62b9cb6fcb59f8290f63cd375e1c4e4b0b1f1e49bca
SHA512

5901947b4a3e5ff09f6adf9c4605cf9b47074233e20db94c641d642a6a1fa7451ebb1e0d24c987a7e34b4eeb32e75ae0c48a500003eeb0d2b9e8a1968c67d401
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPN0U5:6rWpcOPxPke+e3fFpsJOfFpsJbgEF

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3447) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\en-US\Journal.exe.mui.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmlaunch.exe.mui.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Thunder_Bay.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\libvlccore.dll.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\qipcap64.dll.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\ReachFramework.resources.dll.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Printing.resources.dll.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Saipan.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-common.xml.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File A.txt.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rainy_River.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\README.html.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vincennes.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClient.resources.dll.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\mobile.css.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-threaddump.xml.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblend_plugin.dll.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwinhibit_plugin.dll.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\NBMapTIP.dll.mui.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.xml.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmft_plugin.dll.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\WMPSideShowGadget.exe.mui.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-util-enumerations.jar.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-coredump.xml.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\psfontj2d.properties.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\More Games\de-DE\MoreGames.dll.mui.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libps_plugin.dll.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_record_plugin.dll.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\EnterStop.vstm.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_zh_CN.jar.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Printing.resources.dll.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Antigua.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh.tmp	1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1ac31a5321a7141acd17703fec645d30_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
90KB

MD5
dbd6d4a7053d9dca81d0893a03cb5812

SHA1
ee6a53334753f98a838f647996b06e6a5037c974

SHA256
8c801f1890af43ca1d70b2f5518df1580842d81738f906e7a94196e905062459

SHA512
059c986076f9cb5aeeb42fe22123aac9e852fdbcfc9127e0f43098f39e401a437045578296cb46d3a6b9234532ceb5d8a033366bdc357846fe98c7dce43df70f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
99KB

MD5
222ef11becc511722008c18476ed4e74

SHA1
37cab00c8a61cb585f04475deeadcc0eb07ff104

SHA256
70b7eb6315d19be8222da7c347ada0123b94c187e9e2813f85245b789b8533f5

SHA512
4c824b9e1efcbfc919b3c30766481605b4879023e67a20f41d778c59bb2c9c90654c21a07c5eb39faba7e124c0c23aca0d13ed61a9832ee50bddff40a61ae3ad

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads