41f709f5b928ba04a97255a7cb7761a31df736dcd31dbcc3b36d53e69a4b686f

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
16-05-2024 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
Size

101KB
MD5

e2a12a967f01c369afc036f7a2c99140
SHA1

bfc4df61f15b85bbf2988f7465d33a01b8967d0f
SHA256

41f709f5b928ba04a97255a7cb7761a31df736dcd31dbcc3b36d53e69a4b686f
SHA512

6b16f74459db102f9aa45869dc6ca14428bbde71cffe8158211dfbd7105644e6e98461a2cdbf3a1a197235931521454dff1b67b29261b7400e354888d6a6373e
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPN5BsyI:6rWpcOPxPke+e3fFpsJOfFpsJbgES

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3476) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_snow.png.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\localizedStrings.js.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Rangoon.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libmosaic_plugin.dll.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_ja.jar.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\settings.js.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Nicosia.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\HST.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Engine.resources.dll.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGM.dll.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-10.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\en-US\ImagingDevices.exe.mui.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\2.png.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\eclipse.inf.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sendopts.xml.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgzm.exe.mui.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Malta.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\cpu.html.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\5.png.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\mozwer.dll.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\en-US\msoeres.dll.mui.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\settings.js.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic_5.5.0.165303.jar.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\fr-FR\Solitaire.exe.mui.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.dll.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll.tmp	e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e2a12a967f01c369afc036f7a2c99140_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
102KB

MD5
8caaad35d25a4f831d300bc0997b49f9

SHA1
5edcc37325a9c10d7053002b2bde16984ce5fabb

SHA256
863c5f42364319f44f31c496d4594a4fdc7c7da307ae223f3904521ddcf71693

SHA512
b84f2dea026bc9cbda27399f47b8043a71f044890075d44d8949433598b63130f5a7ec95412d83a0341ae59f72c1f6613d8e1b7d7f5f2c6c9ca3cc3ea2222a7d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
111KB

MD5
7c626ff8719a633349e6cfaa084969e4

SHA1
eb681af0606c7e4686947a53b6f84e7169146dd0

SHA256
49aebbfc5dee24bc45ecf3f4a78909fffa57f5514c347ee066f27380aae61b42

SHA512
0a17a4b44461aa18cd4737d0f782208b16ffd92d609cb59fa3e94284976c34f5b948754b209753e6fd24cf3d87b380dbdf6d157be160b291f73d7da0bfa4e995

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads