114536994bc9304051b68307a6b8fc2a713e596624285a8c8929cfc3d7a99ca0

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 13:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
Size

116KB
MD5

e06afecec357d53e204007ff0049edf0
SHA1

ab7be72b83d52fdfb57faff1c5022db391b158bf
SHA256

114536994bc9304051b68307a6b8fc2a713e596624285a8c8929cfc3d7a99ca0
SHA512

a65d71157e3eee478c56bdd993c48f9377c6a5efbdce01e96e72217f47252b2777fd1a9e56782b656488d4499d627d738001a19d4f932a0fe88befd51a70242f
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXB85c5x:/7ZQpApUsKiX26/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3429) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Photo Viewer\it-IT\PhotoAcq.dll.mui.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-api.jar.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\ktab.exe.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\calendar.css.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ct.sym.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\css\clock.css.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\INLAUNCH.DLL.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\Mso Example Setup File A.txt.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\cpu.html.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views_3.7.0.v20140408-0703.jar.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\chkrzm.exe.mui.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\settings.html.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app_1.0.300.v20140228-1829.jar.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Gibraltar.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Linq.Resources.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\jaccess.jar.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\it-IT\WMM2CLIP.dll.mui.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.ja_5.5.0.165303.jar.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Macquarie.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationProvider.resources.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.png.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\vlc.mo.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\cmm\GRAY.pf.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Resources.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
116KB

MD5
80ca7065b71a639448be6209a6aa5b9e

SHA1
3ded48ca1c8b7731d9020e1312693b3e2b24ca5c

SHA256
a6532d95df4aa83ac58aad1b12ef2357cdca3c0b31c7ecb13de5e8863b2c2090

SHA512
ca86ff6eac249d1378e93a10e5baf006188c5f7ac73b5762ec3de03989d4325c1de2cf83b2e9645fe4b3e95019449e106afffa048636e758bc8b77a0ba81ff45

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
125KB

MD5
db1a20b7750e14093cf1835775439290

SHA1
e85b87dae1b8c8aac9b27f5a14d3e648aef6c713

SHA256
29c05ae78902112d4df32d4f7b734d45633faf77997a64615b97aaf2f407632d

SHA512
271aab93b7910628e96667af6d1499b73f1a747603e0ef83483df82cb5908383cfd0eebe020da94f9ff022e92d4f2f6d98e0bfe042aa6df0c9216e998766360d

Download Submit
memory/2268-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2268-636-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads