377552e786f54409ec7de8153d862ba877d14265d6ceaf454d1636debed11cd3

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
Size

66KB
MD5

44ed601752032902935629f2320be9d0
SHA1

41b6e90ec23b1c21f6687f187bfbb20b4314647c
SHA256

377552e786f54409ec7de8153d862ba877d14265d6ceaf454d1636debed11cd3
SHA512

694574f9b99448fe6625e77e48fa8a1688be03f4a0ca2a37348d2ff68a431ea001c3e20ce7b8448dc20a3541669471cf88166d431ccda7796bc6caf99b3489bf
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaJjYJIJDYJIJJZwNq4vx5nd5nFK5c5oxF:W7ZDpApYbWjy0e+eaN1NdNc6+xF

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3708) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnssui.dll.mui.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceAmharic.txt.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\drag.png.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\rt3d.dll.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\wordpad.exe.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\AcroRead.msi.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvDX9.x3d.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Stockholm.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Linq.Resources.dll.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\localizedStrings.js.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Port_Moresby.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\vlc.mo.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\vlc.mo.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\icon.png.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new_partly-cloudy.png.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\jaccess.jar.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_display_plugin.dll.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pmd.cer.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bangkok.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\shvlzm.exe.mui.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_nv12_plugin.dll.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\HST.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_ja.jar.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\it-IT\NBMapTIP.dll.mui.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\gadget.xml.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.hyp.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\slideShow.html.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\Common.fxh.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Bucharest.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_ja_4.4.0.v20140623020002.jar.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwinhibit_plugin.dll.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_cloudy.png.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui_3.106.0.v20140812-1751.jar.tmp	44ed601752032902935629f2320be9d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\44ed601752032902935629f2320be9d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\44ed601752032902935629f2320be9d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
66KB

MD5
5ccfee2e5d4c1b7dc09b8a522c388d70

SHA1
c54508efa646be7b86bc0b6268957944951889f0

SHA256
a613101bcfdc6a21069a4f36874567f8239e64ce5c0d326f2a76e6bd0de1b2cb

SHA512
decc75f6799dcbfa07229d69fd9dcabc69243982ee1715f900c440093485b645b8583ba7cb931d66db3ef4a09b1fb690a5f9133df9b5ff08cf8ea592cb552d87

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
75KB

MD5
687e62850acffebe527dc8af65ce92c1

SHA1
a4fa0c71781245f63f431d558a0472e10f827125

SHA256
a675f4e6d826ddf8f24d57189d1c955e8af47143819f24715e90259cc8100ef0

SHA512
74228f2fc4fb151ec92dcc09124c6fd33ec875df321e8a74296c21eca3457436f3c24469e2b4ffd1cb5e040ece21dcf6f01056972859bb50411e7aa1abf7e96a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads