3113d85597fc75882cc4e79cb3ff857ece0d7a9f146d33e4be5d14539c828c5c

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
16-05-2024 05:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
Size

83KB
MD5

a40d5352cca27933e6b43d90c5ed6c80
SHA1

e8214e008456505c600d05935c8a4be349e910d0
SHA256

3113d85597fc75882cc4e79cb3ff857ece0d7a9f146d33e4be5d14539c828c5c
SHA512

24029a91957c40f0e1d2f00c628001541359112eedbf040813543974eecc4ff695083782769978a65cea7696af3185292524b703453ced31f4b25323ff98a7fb
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/ejJZJ6:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0z6

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3503) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\NEWS.txt.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libfingerprinter_plugin.dll.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Brisbane.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_config_window.html.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_disabled.png.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui_3.106.0.v20140812-1751.jar.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-ui.xml.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\java.dll.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\library.js.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MsMpLics.dll.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Wake.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\vlc.mo.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower.png.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp_3.6.300.v20140407-1855.jar.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-output2.xml.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmlaunch.exe.mui.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\gadget.xml.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_hover.png.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\sbdrop.dll.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\RSSFeeds.html.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Audio-48.png.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\calendar.html.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_pressed.png.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_foggy.png.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmplayer.exe.mui.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back.png.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mousedown.png.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\10.png.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\D3DCompiler_47.dll.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\VISSHE.DLL.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\glow.png.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libimage_plugin.dll.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\fr-FR\Sidebar.exe.mui.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jp2ssv.dll.tmp	a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a40d5352cca27933e6b43d90c5ed6c80_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
83KB

MD5
7f0257fab60f16ce831da162f3fc27e8

SHA1
919c12001604600f6202079d15c437fa4a843912

SHA256
f5e55cdc979019286288f6e920f7e15e4da84f484cf40a7dc9471305d2244293

SHA512
b6d31f0969c74f5db6dbb38701fa086bf236c4eb397145f8ac0acbc253a20fac8a1cac843ef0ecd5adde198084c709c9a0409f9b36e0f6efb8bfd192166293ab

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
92KB

MD5
59731d86d3d3de58fdcdada595b3dd2c

SHA1
1d62bb6c35be46e0493afb63f42327e035475eb4

SHA256
6017d86b81a27c1c9976d905d0cb7f3eaef30213c4b73a17a30c2b7f54c9b89a

SHA512
520e502a87b5c1ac649642294d64ce54aba2c460678d8b8e1047af61ab716f6d600702976c1b6354f7422d1a4abfd52288684472390c7322a3d82aade5252ee7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads