0077ee19c3a8381bd4d683f925b88ddb21ae1b8a9760476eefa3f2433705affa

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 08:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
Size

133KB
MD5

c585e507d049f51745e42cdf371372c0
SHA1

6a54016256a92c2bfd7ff5bbaf3724c573511cdc
SHA256

0077ee19c3a8381bd4d683f925b88ddb21ae1b8a9760476eefa3f2433705affa
SHA512

8c17463eb0de9f9ae6898bf344154e4cc99d88e92773ef760f77da2d3ec81637f4e423e2822424df5e69ae75dbff81ceb74ad36a73c9b4e8ddf2ca567b6856bb
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXB85c5cfYf1BP:/7ZQpApUsKiX26f

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3453) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kabul.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\common.js.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\librss_plugin.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libtransform_plugin.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\de-DE\ImagingDevices.exe.mui.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-13.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Resources.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\vlc.mo.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jayapura.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_ja.jar.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-text.jar.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application-views.xml.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.access.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\Accessible.tlb.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\custom.lua.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\luac.luac.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\splash.gif.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Asuncion.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Creston.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tbilisi.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-settings.xml.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-threaddump.xml.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\skins\skin.catalog.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-today.png.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ogg_plugin.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qatar.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmpgv_plugin.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql_2.0.100.v20131211-1531.jar.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Net.Resources.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfreeze_plugin.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
133KB

MD5
fb079fc69e29e30610729dca3085fb0c

SHA1
3fb3dc714df806503ed8ea97bb48fe3f32a2aa0b

SHA256
b4d73a20775b110327184637ed9cf1d284a7a34eb3faedf6109ac9163591849b

SHA512
975eba1115380c0b9d2f8c69e4c4336f270be380dd1f11e1c5de3427f5137821bedf1cf7d04cb7906b3024b6d8a77e993d4dbe500ce75d8f4707b82808b0551a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
142KB

MD5
7ef321cab3d7883dd086c1b22be520fb

SHA1
3e1b58e4bad8eddad4a2e4b1932a11c29bccdf1c

SHA256
f1dd10472bb93dd60d9681b46ddefb20f6b3e1de327e81c1e6b1bf0c159354d5

SHA512
279449cf9bc4cd83d4cecb4cdeda1e88d1a5d6fce0df13b65cc6e5c146718157e3b53bba2de75511b9e334f11128d5c872f57c25518bcd96346d02c2a3e0b8a3

Download Submit
memory/2116-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2116-646-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads