de8c5567aae24defe934b8df42558884958fc5de631efc3a2387a87e0b77ffaa

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 10:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
Size

79KB
MD5

e89032cbc8d2ff5e70d98b1049edbe70
SHA1

3816bc2062003dbfb638004e12d35b71bf751e11
SHA256

de8c5567aae24defe934b8df42558884958fc5de631efc3a2387a87e0b77ffaa
SHA512

060903d18a6a7f4adbe38164451d1d1a8639de74f8fcd5c07b667fec99dcce2cc39494ab939150540369dcb51816949c890f141e92ccbeff3f085ceefd368ad2
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76NFk:6e7WpP9oVLQthbYY9oVLQthbUvF

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3546) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\16.png.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClientsideProviders.resources.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\controllers.js.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_dummy_plugin.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_right.png.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\gadget.xml.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdxva2_plugin.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawdv_plugin.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\picturePuzzle.js.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\README.TXT.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-3.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup.xml.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_streams.luac.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmpnetwk.exe.mui.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIBUtils.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Genko_1.jtp.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\java.security.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\default-browser-agent.exe.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPSideShowGadget.exe.mui.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\AUMProduct.aup.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.STP.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_display_plugin.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\PDDom.api.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Copenhagen.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\UpdateSelect.mhtml.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmpnetwk.exe.mui.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.bmp.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\4.png.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\picturePuzzle.html.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
79KB

MD5
7fdc72d0d1ef4e33a481a011887ea16c

SHA1
06c1de5b8c3918008f27d9f835ba42672c27e43a

SHA256
c84560f622908b058c2dced65ab7a82c2a4f8dd6230e1b38485442e18889893e

SHA512
34492c60dfaffa0501a9daefb8ff5c4bca782e7a80fd40a1a3f0d0a9b341fa0f1237a4d8fdc4e7188d43891e37587a130a15b714e6221f9ddf9dc001cd41fd32

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
88KB

MD5
7cd2d5b99f84acf6acdc4a62b39fda2e

SHA1
873e291a42f784128ab11e73c7773b579d1c428b

SHA256
092601c4843e5a28ba5c54b6da794045f2c896fafd73a88c1ebad84c9effd7d2

SHA512
dc2c45539999d3e4e32a50ca227213d0442ca89da1b3eada0438c5e67fc74e9f6047ef5a353435b93312341e91276d7e2e24ff9f9652baa001acee00bd1d5b59

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads