a17a4cb2543b2cedd443b4c078c9bca252b1e0b1a765e9d4fee9479bb7ff7ff7

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
16-05-2024 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
Size

74KB
MD5

25657b2875fc334ed1f0bd5301559100
SHA1

d6de8507378edea8f9e0805030a8a025c579d5ee
SHA256

a17a4cb2543b2cedd443b4c078c9bca252b1e0b1a765e9d4fee9479bb7ff7ff7
SHA512

0c97f273783624a6308d3d7a68b6f4040f664f4183a94b61693b75d1cf06d33ce8852ed50a91e71aec608491af2a5b983821f67183b2e53b3022142725a6653b
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJRxwMIMY:W7ZDpApYbWjIlE77ufL2e+e7xM

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3441) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\SkipUninstall.wmx.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\it-IT\MpEvMsg.dll.mui.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\WMPDMC.exe.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jabswitch.exe.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtau.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\vlc.mo.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\es-ES\TableTextService.dll.mui.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Resources.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glass.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\MANIFEST.MF.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MSASCui.exe.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\en-US\PhotoAcq.dll.mui.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.servlet_1.1.500.v20140318-1755.jar.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Sofia.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup-impl.xml.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util.jar.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libaribcam_plugin.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\en-US\Sidebar.exe.mui.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.resources.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_zh_CN.jar.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\es-ES\Minesweeper.exe.mui.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\es-ES\Solitaire.exe.mui.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_s.png.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.analysis_3.5.0.v20120725-1805.jar.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\autoconfig.js.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
74KB

MD5
c4c02bd0eec0474d9d7eb186b4575930

SHA1
3d3bb5b68501cff31fe2795d00c74243e44f38f5

SHA256
051202dcfda9d3f98fea57e6f8f4d93363823e8d1e5f44e8b45b235e4e3e41fd

SHA512
d265c0f54c1c18108602f9a171224a6bbc9247a3bfbb747425929f17ad5c6dff726399ab47f31824aec8aedc5d70d677d75c2043892f4af7e3ada2391ef2c2c7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
83KB

MD5
e496525f978b6fa0635cef53218ed310

SHA1
266866b4220c57aab1a3edda27d540f5eee01e1f

SHA256
107f9027c72ed96c473b2110c44d5ca7d446d5066ad9b5709d144e07c65d3d9d

SHA512
e78ad675717920eea6734c389832091861d4cc3ed8d8a752c3589b4586c7b33645a0b4c778b2ed4c4d7db459d0830faaabdda83fce10a4bcfe3e42394eb25164

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads