e6b2991bfa2d59944cbb1433e052b590a8481880c0d80a33f452359053f67657

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 18:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
Size

119KB
MD5

0db84b07774698c5e1c469d0189903e0
SHA1

d7d15d5f871d73d6a83e6e89fd6bb97f7a190bda
SHA256

e6b2991bfa2d59944cbb1433e052b590a8481880c0d80a33f452359053f67657
SHA512

0315235abfc3dc97ec4b1ace35ebae818faddb913a458f5a9c48b9b6bc38c98c9692022bae832a5475516702303c7389b3d339e87527f5642bdb39e2752ee117
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVz5:RqlIyFESWu0SWuGSwxK

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3466) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnssui.dll.mui.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services_3.4.0.v20140312-2051.jar.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Merida.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File A.txt.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\RSSFeeds.css.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-loaders.xml.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Audio-48.png.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\fr-FR\Solitaire.exe.mui.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_dot.png.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_zh_CN.jar.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckg.dll.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sampler.jar.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Midway.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\service.js.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\resources.jar.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libinflate_plugin.dll.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\settings.js.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\highDpiImageSwap.js.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\icecast.luac.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Other-48.png.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\es-ES\MpEvMsg.dll.mui.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\settings.css.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_ja.jar.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\flyout.css.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseover.png.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_rest.png.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\25.png.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_windy.png.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\fontmanager.dll.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll.tmp	0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0db84b07774698c5e1c469d0189903e0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

Filesize
120KB

MD5
e80631d6ff164653d7eac35e5b629fc9

SHA1
747f8634421abb2063154b28eaeab90a4e5e1da6

SHA256
e9e81a9b5de8ddb0dff4e5544928a852917db3c409af52b35dfe42d858685b95

SHA512
bdcc42837f758eeee6db0883bd8136886104ea89fe6f9614cd4011c1b28c844b954ac9aeddb19400deb4631f9680d44a7b5d61b96c832d5065981f0ea0d5eef5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
129KB

MD5
cdd8a119d01a03f90102e380c1bf3659

SHA1
6a7595e99d1eebf9c404ef1f95dfda1067667664

SHA256
ebd14ba02f1befb0dbc3153dec94aedfbfd77da49c59b78f4d6ab0ae3c547e9f

SHA512
c5de923990b81090f85bb0fee252710ee4da55c0cac15a78e68bd84a3b9e4b3362e34b94824d44844938322c0c1b539324940bab816ae77b016cfda724b4daae

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads