9a9f2ed35e38364fb932121b27af8e61f24dc7835aca5741f4dc0b6811485208

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 14:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
Size

63KB
MD5

d569c5339c0c5936bd234feddd2ff930
SHA1

7ddb97cdcacffd42a76c78095ed129617f3dbfce
SHA256

9a9f2ed35e38364fb932121b27af8e61f24dc7835aca5741f4dc0b6811485208
SHA512

3e81561dbb8df7e9275fcd4b7013a640f1b2a16e54663e8b3b0f1581310f03363f2d0c75ed5078c5661bef5765ec3a3ff051cbed548b2ece31c34e0f661e7339
SSDEEP

768:W7Blp9pARFbhQSox/6Sox/ME4JAIAepE4JAIAeuDlmlQPc3f6Pc3f5TGotuMOiJ2:W7Z9pApQESOHepOHe8G+6E65TGApuwut

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3663) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\vlc.mo.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\jnwdui.dll.mui.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5EDT.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.js.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\logo.png.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_cloudy.png.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous_partly-cloudy.png.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Checkers.api.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\info.gif.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Sofia.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_ja_4.4.0.v20140623020002.jar.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Wallis.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationFramework.resources.dll.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-desk.png.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\library.js.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\SYMBOL.TXT.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_zh_CN.jar.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_ja.jar.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\fr-FR\Chess.exe.mui.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\it-IT\MsMpRes.dll.mui.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_flyout.png.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\42.png.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_left.png.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_flyout.png.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\slideShow.html.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.codec_1.6.0.v201305230611.jar.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\jaccess.jar.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\London.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnssci.dll.mui.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\cursors.properties.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\wabmig.exe.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\localizedSettings.css.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d569c5339c0c5936bd234feddd2ff930_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
64KB

MD5
cd289d306e8466241c92455b0c9c83e5

SHA1
805e8efe7b78f9f7343645be891b154b8ec35f2c

SHA256
3ffffac664286f463bd3b34e75ba4d9cee13507d2adfbd2be1e68bdde9ccf033

SHA512
f47495b73205fe783d8e96faad0dc5684879d653dac0068fc50e88380acfd839f885635b1557e902e86844d3b7a8d9ee8ba995738068b37910a5dbfcd9ecebfe

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
73KB

MD5
552ed5b127f38cb302dfd9a92ae675f8

SHA1
308ca8bdb7b6719810ce5dca641a51736d7e0a80

SHA256
04a8553fa05c8c9306ae29ad16d38ccafb3a1ec4884a5a5c3491f568681b6f22

SHA512
82db1bd9dcf6afcdcc5da7a485b6e8a716b6add509458eba425d808096e9d58c0b17ec025baee634865d9b24764aad5eed5298b9858c1121bbf16f0c221cad8b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads