f4a7b1713f51e111dad9cd97552850a861ae045c56dd46534f2e6732efee83ef

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 05:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
Size

380KB
MD5

8701deca40122e25505dfa91dad14640
SHA1

c14f935800e34d0be90f969921ab3c9cf31f3a49
SHA256

f4a7b1713f51e111dad9cd97552850a861ae045c56dd46534f2e6732efee83ef
SHA512

19af96469e8b0cb1ad734925f81cba1deb7b481ccd10b56b4d69eee8ab33c2d8709815db2889cf09309da4aa8868de50a571abc5689cc114d897c2862733f293
SSDEEP

6144:tFPxPke+eIr9RUxfKIuqBcKxNWdp+bkrdHs1lpaSL4vtFVHPyvewDpgsKhK:3PxPir9RyiIuGcKbpaSL4vtFVHPyvewD

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (2740) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgRes.dll.mui.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-14.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\fxplugins.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Costa_Rica.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nome.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_zh_CN.jar.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sawindbg.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ho_Chi_Minh.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Norfolk.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\decora-sse.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Nicosia.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-windows.xml.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\fr-FR\PurblePlace.exe.mui.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sampler.xml.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Atikokan.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bangkok.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.xml.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_blu.css.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-io-ui.xml.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Denver.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
380KB

MD5
fb8a7e9a8160893d32555f4884a23e00

SHA1
89b3fc6ea798f570cd672f9388ade489b10c36a1

SHA256
fac5c3aabf621ff2d976bf2e6a60775d821cef25c5f4e7f284cbab113ccd8127

SHA512
b5c1c583ef184e2ac0762077a88cca6d613ce0306e2e48a53ade8c3448683f97df6a0bf55deaa64291128aa9962e5107d73d7f1d75966f16060ae6e3b361fd3d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
389KB

MD5
c5431ff771789d72f7e53a17d80bda65

SHA1
735e58f6ba9721ccbb63580f73d5499a3ac0f867

SHA256
b491d3f07be6ff6899ae102343341ff78eb9c8fed8efa489494983e9c64e07e0

SHA512
6b6a224902b9ffffc0658f5946638ca58a5a141803a6963e634099e79b8962c25d20daae3a796f221db503177cb5471bcb13a69599ed932b9c56883ae66b2e5e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads