34aa0760ddaa88257c6bf783e400b870714d3fd776672304acc5e0765169d46e

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 11:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
Size

72KB
MD5

dd1cb9a6321ea2604dc7f32b73e6abb0
SHA1

330a310a57133fe9d406b23025b0828d9902c32f
SHA256

34aa0760ddaa88257c6bf783e400b870714d3fd776672304acc5e0765169d46e
SHA512

a421482826b4e66fe8fd7c53a878ffe01381b10d8ddba09d7233d4ce5050187c71c33720d67db4eb396ab753898a20bb76a881e696d39f115c7ae31d6f521643
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/R:6e7WpMaxeb0CYJ97lEYNR73e+eKZR

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3434) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\sound.properties.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Puerto_Rico.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\rmiregistry.exe.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\JNTFiltr.dll.mui.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnsc_plugin.dll.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libvhs_plugin.dll.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\javafx.properties.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\vlc.mo.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_zh_4.4.0.v20140623020002.jar.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core.jar.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsatip_plugin.dll.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsFormsIntegration.resources.dll.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Almaty.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dubai.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgzm.exe.mui.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.png.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8PDT.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.p2.ui.overridden_5.5.0.165303.jar.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ChkrRes.dll.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Xml.Linq.Resources.dll.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\vlc.mo.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\es-ES\MpEvMsg.dll.mui.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rankin_Inlet.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Noumea.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\PYCC.pf.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent_localized.ini.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\dd1cb9a6321ea2604dc7f32b73e6abb0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

Filesize
72KB

MD5
938b3d1d5fb2ea892fe9dbec8a71496e

SHA1
857bc071f94e57c0194dfa5dc6e3389ad84781f3

SHA256
7348eb616d735ad8e685a64dce8e2cd64b4fda02f792d30fc1e0628dc676aa61

SHA512
2b702155af51f9ef636e0ef2f7dcb14f31533febb7a6ecd9ccba92a8486bb1f2042b52568a345ae5536885af2801d8108588483932b08803e11f4a14403e7ba6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
81KB

MD5
9012415c943851837d1b01fb2bdacea7

SHA1
3a53d286d2a4fbd3d5e480c1f9124fdd2855b48e

SHA256
ce2435605c878141d09e8a29c0959c08e2158e8c4aefd55de688ff840002125d

SHA512
5e82052663271f71ea521d433cff99ba02e54417fda2eab688a5730f3045eb925ed0d17a92bdc4b4bdcc0bd1a667f78f6c06fc74de86c1521dabad0058a0dc3a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads