3b9499004467eaf67b4259f0a63e01c04e1ac9f79d13acfb14a0a07cda9506cc

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
15-05-2024 18:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
Size

81KB
MD5

1468943b693b929dfcaf7a8ea8f2f810
SHA1

ba74914cdc19333f25502a45e5d4a0018f3528f5
SHA256

3b9499004467eaf67b4259f0a63e01c04e1ac9f79d13acfb14a0a07cda9506cc
SHA512

0000f676c2a0fa0e0e1e57f3c9c3a2f813e3228153da8c5964558532a9f2d8251bfe7aeeebce2d21d169f5a7b2ba5ad21c3b26145f92e88754d436d5a006626a
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/ejJZJj:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0zj

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3476) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_ja_4.4.0.v20140623020002.jar.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-process-l1-1-0.dll.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\fr-FR\wordpad.exe.mui.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\vlc.mo.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_top.png.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\fr-FR\WinMail.exe.mui.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\clock.js.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-ui.xml.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+12.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator_3.3.300.v20140518-1928.jar.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\ShvlRes.dll.mui.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libx264_plugin.dll.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-3.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\youtube.luac.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\cpu.html.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.xml.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Yakutat.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Client.resources.dll.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\localizedSettings.css.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationCore.resources.dll.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvm.xml.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Faroe.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\16-on-black.gif.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\MANIFEST.MF.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_extractor\libarchive_plugin.dll.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mouseover.png.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\ImportResolve.dwg.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-io-ui.xml.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Linq.Resources.dll.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\Journal.exe.mui.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MpAsDesc.dll.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\localizedSettings.css.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_zh_CN.jar.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_down.png.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ceuta.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\handsafe.reg.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs-nio2.xml.tmp	1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1468943b693b929dfcaf7a8ea8f2f810_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

Filesize
81KB

MD5
1025940b3a3a41935a075a62e8825c3c

SHA1
106b68b9a3f04e10f3b5f126919dd3b335554c8a

SHA256
8e5ba8730b31742c3cdade814e517ba0f7ac3c237826c4f4547d3e95da43bc7d

SHA512
918f13217ee55a17df8deb0854c48532990cc1b4d842e66e718c3c57cb3cb65f18e556d18f81accd14c3043dd7e1497568e9b4a423e1aa59e3a23e6a6534ef08

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
90KB

MD5
2303d45da3abaf3c6d55342092e6e799

SHA1
498da35fc82ac62ed960bc46ffbf2c520b1df07c

SHA256
6ed2b4793589a46a1d74aecd6cdf0a7354c0dbb9cd58cfa121dfa8fb707a787e

SHA512
62986bd28267b4f7880119bde525164dcb92af0d21e069be4dce3be3a9ca461aa47e339d2f050d11684fc29cec5453ce7125bce8fea5bcea59462ec99e8ed720

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads