af73c5edf6e2147fc99ca70a0d6d076d96ecbee1a62d9a9f7e9c45c06680c4fa

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 06:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
Size

78KB
MD5

b71a0b998562e8e6503065c079ff3a80
SHA1

e600b1a451f552c0b507e8a747b1fe359b999f91
SHA256

af73c5edf6e2147fc99ca70a0d6d076d96ecbee1a62d9a9f7e9c45c06680c4fa
SHA512

1308a2d1c4ed735b7d8b3a9d5571ef788a3b4821f059bdce5e2c7904e69f55caa53c677b174e9a590aa5982d4cf3dca097c9ef592b2b0383aa0f9d280f255afb
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7YWtMQQQW:6e7WpMaxeb0CYJ97lEYNR7Ztq

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3727) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\FreeCell\fr-FR\FreeCell.exe.mui.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\settings.js.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Flyout_Thumbnail_Shadow.png.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ulaanbaatar.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\Chkr.dll.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\Accessible.tlb.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\ipcclientcerts.dll.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_hail.png.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-fallback.xml.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnssci.dll.mui.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\weather.css.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\currency.js.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider.png.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\notificationserver.dll.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\vlc.mo.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_right.png.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe Root Certificate.cer.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.png.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\osclientcerts.dll.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Printing.resources.dll.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\hprof.dll.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_s.png.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-right.png.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\picturePuzzle.html.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wake.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository_1.2.100.v20131209-2144.jar.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libstereo_widen_plugin.dll.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\slideShow.html.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-outline.xml.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b71a0b998562e8e6503065c079ff3a80_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
78KB

MD5
d34e35179dab18e0e5ef1faa9ebd45eb

SHA1
2f8815b19305514ea75d23f3b4440855723e6246

SHA256
b457d9d4591a816d919b1eacf224e0babfe9ffadbcb628a824cd702527fa9f2f

SHA512
0c3dc514099a6181c2c7f266aea4af56fcfaf114f2ea437d80340212066f64bf51c73566c315887ef45d486a7240e4bd4216777078ba84240e19387926a8a3ab

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
87KB

MD5
b088cf0924b2e7b6d48b636592fabd62

SHA1
6246d5b69c88995e95586f3846940d1dd1149fb9

SHA256
49a6fcb7dbee76d4c8e8c97afdfc2b2b9b462f3a4be0e86648fc4d886ff3851a

SHA512
49b93d48588b12bfee9c3a9edb0005831c3a2e5300b962d1298cae7891e6256597862b24045db952bb8610500a8dcfc4b061263ceb75b9240dcfa46a27e1c862

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads