914b6b4a1380b80bf050efd8756a0f09b8e47493e1df4e59e5cae076ca5b3dda

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 17:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
Size

77KB
MD5

076f7199109df1275f1228c8e3a24d50
SHA1

e55dc8617cd4e3e830c6481394776a0878540496
SHA256

914b6b4a1380b80bf050efd8756a0f09b8e47493e1df4e59e5cae076ca5b3dda
SHA512

d6fc0e5d4fc0ae9e77ee4e8e786edcdf0a2579d75ec35da130551ad65b37617ff639b0b50803f8c0d8d1850968f0183517ac64252dd642652cb383b1b98f58f0
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/d:6e7WpMaxeb0CYJ97lEYNR73e+eKZd

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3495) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.Design.dll.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\avtransport.xml.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_left.png.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\msdbg2.dll.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-utilities.jar.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\More Games\it-IT\MoreGames.dll.mui.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_livehttp_plugin.dll.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libsapi_plugin.dll.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnssci.dll.mui.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_ja.jar.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationFramework.resources.dll.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-heapdump.xml.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-hot.png.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-heapwalker.jar.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_bridge_plugin.dll.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Yellowknife.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Music.jtp.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_left.png.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFSigQFormalRep.pdf.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libps_plugin.dll.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-api-caching.jar.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\en-US\Chess.exe.mui.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Resources.dll.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\setting_back.png.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\koreus.luac.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\rtstreamsink.ax.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\blank.jtp.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\RSSFeeds.css.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.tmp	076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\076f7199109df1275f1228c8e3a24d50_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
78KB

MD5
e0adb199a4ac21b31846460ead97846a

SHA1
37802902ff5caec5895f18dcef197eb03afa7d4f

SHA256
221cf7ecb42fd37f6357f25a87bfb6c3120307b1c79c21ba119b74c53de2f66c

SHA512
aba8db872ddf2cd9f6d0a6c7f20e4e5e19822d23c13e5626cc6245c06703f55654ffc087f8c3fb4f11b31e15348f155a9cefe3d2620b9f36baf7376361ab134a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
87KB

MD5
9150836b0057fe0d6d6f1d5c24ed1595

SHA1
5981830028bfcf88375e05eb598389cf8f43be2f

SHA256
b3ae843ad8cdc9b3c78b0907595667ccb0906d7862733d9152b332cfca78b08f

SHA512
3ba1fe997f4c19b6a48c8d5260eb7f5e1572e0a04706ac57f2e98aa7512ee08df96764162be3e70be2b3c8f28e2d3d6fc37b35902f84657bbe8d7510450b936c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads