e1f0bf5a4fa873376ca03bdb848ec0e9cd0b5d55de4713e272b297cdaadd6590

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 17:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
Size

77KB
MD5

067afcecf3c55ec85262e0b9c1250180
SHA1

3e4d6e0f54fb00fd8099255e266902360e54407d
SHA256

e1f0bf5a4fa873376ca03bdb848ec0e9cd0b5d55de4713e272b297cdaadd6590
SHA512

65f15ea6a3273007ee29accd9ba3c717f9dcd186074f212ee394a11df80f9ba5f23593b8d07ef2d4ae8dbcd6b715dcaecf04999fc9943ba77d2a8bf8d56a1143
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t2rt303tdf:6e7WpP9oVLQthbYY9oVLQthbUrt7t2r2

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3432) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Galapagos.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_ja.jar.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Malta.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-loaders.xml.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libh26x_plugin.dll.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\or\LC_MESSAGES\vlc.mo.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.json.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.png.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\servertool.exe.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Eurosti.TTF.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-heapdump.xml.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPDMCCore.dll.mui.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\10.png.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_snow.png.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7Handle.png.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\2.png.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Panama.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ckb\LC_MESSAGES\vlc.mo.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\liboldmovie_plugin.dll.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.png.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_Undocked.png.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dili.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Management.Instrumentation.Resources.dll.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\flyout.html.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dubai.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\RSSFeeds.html.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_hov.png.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_foggy.png.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh89.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\clock.css.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\067afcecf3c55ec85262e0b9c1250180_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
77KB

MD5
4b1357f7e082598184c0477d2495b224

SHA1
7cf52d933fa0f8f048bd82fb3bb93d0c52e77832

SHA256
9319bd2f095541e82cd46da305ff0c238595a6757fae6b8df78e4bdce54c8ea4

SHA512
a6d618b063a12a93a15dadfb32e7f064181d104546c94d3cb09e2a5c424e83a52470cbf9f6ecbb089b8ed6ea446d135161a6eee39a7591db0984ec8e22ac531f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
86KB

MD5
22783a02be175589eb16654c23cc8e8c

SHA1
a3521c7b0caefc2173d09458063d8be292c38210

SHA256
9cf1ea7e1e0e529d7721d1da77ea5e51146f3d2b03378cf21f914c6c4fbaf6e6

SHA512
d1830051d584b1c9417fe34135f90b4a066913908a784e4ddf3a266f17da5c597747b1b69938c832d2966a7da2daac9cb32f237144866e291534a16871bb6d56

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads