96b3f95f6baa718b87b212337129ebf8ac3d55a43abdc4afc7a3b83fbe93f248

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
Size

82KB
MD5

d4b4584360cc1458d105e62a074f1380
SHA1

97e07a1ea29d8d0c2df446ca6efa1f49bdc716c3
SHA256

96b3f95f6baa718b87b212337129ebf8ac3d55a43abdc4afc7a3b83fbe93f248
SHA512

60e4f09c9e432f2016d57c7e3f63d7b24ad43b4ab1221549afcad5b4544c318a6f74c6195b83fbc12b1d5d0b825e31920cd2b6f190483830a5011719a2594416
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/ejJZJ6:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0z6

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3527) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\settings.html.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jfr.jar.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UCT.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClient.resources.dll.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\NBMapTIP.dll.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\settings.js.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-services.jar.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\management.dll.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\mpvis.dll.mui.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_up.png.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\EnterResume.xlsb.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\logo.png.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\LICENSE.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent.ini.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\hprof-16.png.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_ja.jar.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring.jar.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\flyout.css.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security_1.2.0.v20130424-1801.jar.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_zh_CN.jar.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\vlc.mo.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\cpu.css.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Engine.resources.dll.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.bmp.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\config.ini.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerEvaluators.exsd.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-13.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\JNTFiltr.dll.mui.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\nio.dll.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Macau.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\ReachFramework.resources.dll.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Linq.Resources.dll.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_ja_4.4.0.v20140623020002.jar.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\cli.luac.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\13.png.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro_5.5.0.165303.jar.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\currency.js.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\psfont.properties.ja.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\shvlzm.exe.mui.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\default-browser-agent.exe.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.RunTime.Serialization.Resources.dll.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Xml.Linq.Resources.dll.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp	d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
82KB

MD5
4fd2e66cadb92753ed72235e0da50022

SHA1
392c277d6f9c0c8156d5510e0853c3d24ae7cc7a

SHA256
bcb4c2478d7f9c5813446d8814d559b1d63e92fc28fd79f8a9cad803f9ec9a9b

SHA512
63cfb49281f47b6681adc71e429d93d33c11412483c038435d66ef61efa5158113a367452e34181aebb87a71d0d2aac65a7745176550833a45ef5c4b8e63bef2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
91KB

MD5
1204a00b552232495e5d7b30f37f454e

SHA1
355ff231aaa884c04d89dc3a79792d3a64e9ad4e

SHA256
2f74cf1f460fe13c0f733980f648b8473983e996ee4c535b2d63bf4e5e3eed49

SHA512
af47769abcdb32f9e27ef9126e5c059ccabf739c9c1338aae0e44856cd13c603394e653d272a170280355589f5adb18a824121ddf9d69ea36b44351ec034109a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads