24c7936881e51a9e78c4b4788d6105a65a97dc7ea32fe298ae72281cd925e3c7

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
15-05-2024 13:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
Size

76KB
MD5

d3ff8ec0745ba6e9a50687e29ffbb020
SHA1

3723cec776d8fff57fda3bf6e94e214c45d03003
SHA256

24c7936881e51a9e78c4b4788d6105a65a97dc7ea32fe298ae72281cd925e3c7
SHA512

66a752fbdbad60156f9a524826463d2b06582cb5a858c9acf94314c2da0088299ed94611a3e269b3a92224acbfa3b9d27e0d66cd135a654e6c4fc4600b526530
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/fU/:6e7WpMaxeb0CYJ97lEYNR73e+eKZfU/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3590) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_ja.jar.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Andorra.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Design.Resources.dll.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\picturePuzzle.html.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\mozavutil.dll.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\MSPVWCTL.DLL.mui.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Printing.resources.dll.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\settings.html.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_sent.gif.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Melbourne.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgzm.exe.mui.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPDMCCore.dll.mui.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\settings.css.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-lib-uihandler.xml.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\calendars.properties.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Singapore.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Sydney.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_ja.jar.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jfxrt.jar.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_smem_plugin.dll.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\de-DE\PhotoAcq.dll.mui.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\slideShow.css.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\To_Do_List.jtp.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Pangnirtung.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ts_plugin.dll.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\glow.png.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\settings.html.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\gadget.xml.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\DVA.api.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_all.gif.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider.png.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_zh_4.4.0.v20140623020002.jar.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-services.xml.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClient.resources.dll.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository_1.2.100.v20131209-2144.jar.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml.tmp	d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d3ff8ec0745ba6e9a50687e29ffbb020_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
77KB

MD5
6595e312ace0d476849710fe137e11e3

SHA1
d6db47a91d71352c415032cf2eaeebea5d45324d

SHA256
f68f2fa496b83071339bdf2e51aee65396e2de3c68285fb135e42be863ff278a

SHA512
423bb5f7987e8108a6e5ba7024da2b5e29d5c72c9367f10f9295810cd5b2832ad03daea9e6ec8b78ac54d1830ca53a1252c392b10399c26d56028a569f51453b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
85KB

MD5
07e5b34cad09c8b9570de4ae6776f9c1

SHA1
8b7fddcf2759858af18a445aae6fc417e80b8fcd

SHA256
c4dfc3c8ce0695ee65328108475e4098685d7683d37ff4074fd5f4353b585a96

SHA512
e1d3cc203ea744d61b6d1b5895cffc4c484910da2cf45243d6d31d95b5d8dc3ceb9250ef1f115fc2a45bd84bf04e044ef4464b5d6f405f23833745879897e2e0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads