f202da975fe4ecd4ae376b92bf80fe40489669b307b126feb04335852500a8c3

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-05-2024 21:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34988435196d45705014e50db64ef070_NeikiAnalytics.exe
Size

128KB
MD5

34988435196d45705014e50db64ef070
SHA1

23db71a6fd245fb60451cda4c12149ac9f13c631
SHA256

f202da975fe4ecd4ae376b92bf80fe40489669b307b126feb04335852500a8c3
SHA512

8beb7db57bef7e148cf17e2a00da396c142cedcf6b48348e28ce294a1ad97e80e52e4423d82203b25874a833632987e9afbf1fda4e8ec16197297670eea8896a
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXB85c50KPKR:/7ZQpApUsKiX26KaU

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3447) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\ResolvePush.ex_.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Midway.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\config.ini.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sa.jar.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\hprof.dll.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Midway.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\NBMapTIP.dll.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fakaofo.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse_1.1.200.v20140414-0825.jar.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Sofia.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Selectors.Resources.dll.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-fallback.jar.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yerevan.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationProvider.resources.dll.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui_5.5.0.165303.jar.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Minsk.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\file_obj.gif.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_zh_CN.jar.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Eurosti.TTF.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-threaddump.xml.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\dt.jar.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\jnwmon.dll.mui.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdtv_plugin.dll.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp	34988435196d45705014e50db64ef070_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\34988435196d45705014e50db64ef070_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\34988435196d45705014e50db64ef070_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
128KB

MD5
b9caaeb4098282fc9fcf1f10237a9e96

SHA1
3f63d58e34844c302bbbb12d86a6229db2def3bb

SHA256
0e9eac3ca3f7de431fc4b9388b95464bc355d093015017026f901055f664a735

SHA512
c52b981c7be790e89d560d12fe1df31217f0d3c2bae270e23a26c8c8890f16fdbecf271a90e9d5cd5c5658b2e6cc42a28c23737fe094e0f424b8581785409957

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
137KB

MD5
d3f12a793e67325c7f7a43904ebc1a5e

SHA1
d5b481f010a35888ee05f5336a39e291c1728756

SHA256
966efecc46850fbf11e92fd08573a9e305960c964599919fd99f7aa091d3f00c

SHA512
1598174da085c0710997c99522bffb5cf6abe7a0f12d6517f025081748248c64fb18d332a38a674deb0dc42e88153342d8fdbd51a1170bda21d378e244e13c16

Download Submit
memory/1712-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1712-512-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads