d3e8d0aa2e73edd3e3999bc83d7f262344ed44575fa211c062406100e6ee465d

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 20:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
Size

96KB
MD5

2dbacef0e38d62ee449c439c518252c0
SHA1

8b6e852e1737d00cc7b6a08814c75adcdeab63f1
SHA256

d3e8d0aa2e73edd3e3999bc83d7f262344ed44575fa211c062406100e6ee465d
SHA512

c5d0b9dfdb3911b6d96a5ad3bcb98432b5f5255a817b7f996c6d8172edb5e714910a6f65be77ceb04095a4ce103142cf733c50f25f97013243ae1d8527e96075
SSDEEP

3072:6rWpcOPxPke+e3fFpsJOfFpsJbgEDJYoAJYo7:tFPxPke+eIDJYoAJYo7

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3450) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ndjamena.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationProvider.resources.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\es-ES\msoeres.dll.mui.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-windows.jar.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cancun.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\java_crw_demo.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services_3.4.0.v20140312-2051.jar.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmicrodns_plugin.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\t2k.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_zh_CN.jar.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libstereo_widen_plugin.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\update-settings.ini.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcanvas_plugin.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Macquarie.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\dt_socket.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPDMCCore.dll.mui.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\drag.png.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\fontmanager.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Xml.Linq.Resources.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh89.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.http_8.1.14.v20131031.jar.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\InkSeg.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
96KB

MD5
542f0a0e721dd91dbc2d4eb0d6c94513

SHA1
1a8534ed883bb56a624340462b2cdc6ee6a92ebb

SHA256
2d4beda5ccea395bcac97eeea462eec48cd98943579728f5c33c8bb29e4479c5

SHA512
94ac6da5ea13de5af976d8b99a1753e9bb0b3c98227833e6b24419bc7134c8901b6e09553b1504fdd348fa761f5a7fc7a55eb3499df93808a546e9ff08557b46

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
105KB

MD5
8d86748686ffcd426f77421668a27b6d

SHA1
647f33f0ea05ef2fe1d33280d4bec62138df3d6c

SHA256
6bf8ec79cf98c5a4a8a74435a4d596b3edcd21c5f18dd5f2e414494a306f4af1

SHA512
38445ad3040bd889dd451e23d17de86e331a57fe1e2c145563ed826bb43ca06d910fa53cf15cdee4930ca22baa2be5be6a78067c864767bc34f2b9afe0b00a7d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads