734471f27b4e38413ab5210e13f4892b6205cb1c626fd3f2e35c577272edae09

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 17:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
Size

81KB
MD5

030996139e3c5892f63859717e3a1820
SHA1

c7c09d438a99c6e94e03f0aba0fb6bc783f48945
SHA256

734471f27b4e38413ab5210e13f4892b6205cb1c626fd3f2e35c577272edae09
SHA512

af85de2eee0c31e032157472a05af5b63f0e97b12742a2566d035ba551be75687904c68f6c038af54552bba76eab0a8d0173426f8508f827dba609c3f7cc9b93
SSDEEP

1536:W7ZhA7pApMaxB4b0CBlEVqNR7Yge+eJG/x/ejJZJe:6e7WpMaxeb0CBlEYNR73e+eKZ0ze

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3483) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-settings.xml.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\en-US\Hearts.exe.mui.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\omni.ja.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_s.png.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Asuncion.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jfxrt.jar.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sq\LC_MESSAGES\vlc.mo.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnssci.dll.mui.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Eurosti.TTF.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\cpu.js.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\js\cpu.js.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Windows Portable Devices\sqmapi.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmicrodns_plugin.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\DirectDB.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MET.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1655.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-util-enumerations.jar.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\fr-FR\Journal.exe.mui.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Dotted_Line.jtp.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\Custom.propdesc.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\qipcap64.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\libvlccore.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_windy.png.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\updater.jar.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_zh_CN.jar.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\fr-FR\Solitaire.exe.mui.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MpCmdRun.exe.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_ja_4.4.0.v20140623020002.jar.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\flyoutBack.png.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\settings.html.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_rainy.png.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-ui.xml.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
82KB

MD5
9430327b17de0c24bf873aa03d6fa687

SHA1
778f1e02f8f9334e53125f58132dcabe8e03d61b

SHA256
92c92a332872cdcadab8887b6c861eeac9dbef3b270ef6a44219054a0d0a0333

SHA512
2c0c72f15cc637a326d6b19348f142f140c1cf66bc33b3a4d6d9441da08ec389d0fdc232d98885a31fb3938984b3b6c775314c362a5be6ec6d5aa2c947b04348

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
91KB

MD5
0d3a2c3bbdff9c22315d7b56fe06836f

SHA1
57d16c1c1907fb56b2d4aa42078b0bbd72db2f7e

SHA256
a20efdce8b50ef08d7e44361ca3655e4b83173f548ba279f53c27576ae17ee50

SHA512
207fbe2b7252ac42090e512f3eed62e6fb47b129abde7075c6cdd55ca5356f4f5ae475cfc50ba6375f23b94f1c3f2307091b7215d9ac16ab0df8def7e5109cea

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads