24a2393e84ae2ce14a9e23d7de2648f2267e39748dc4e11fe3d7a23e6c811180

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
17-05-2024 10:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
Size

77KB
MD5

e8cad3cdd0b8589b50bb4a7b5a3f1650
SHA1

abd7dd13b453f29bfb568f5fd049ae64f590ea6d
SHA256

24a2393e84ae2ce14a9e23d7de2648f2267e39748dc4e11fe3d7a23e6c811180
SHA512

532a296de93868efa7adf753f1b98d8a45b8a496a639c0f691a5ccd5d2141546677eb9916873f5880e28e18a82dd389b621f337960fee2b24dd928840a2b2819
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/U:6e7WpMaxeb0CYJ97lEYNR73e+eKZU

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3442) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_ja.jar.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationProvider.resources.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\librotate_plugin.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d9_plugin.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\wmprph.exe.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\ja-JP\TableTextService.dll.mui.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\calendar.html.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Linq.Resources.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-print.xml_hidden.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IO.Log.Resources.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdcp_plugin.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\eula.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\SpiderSolitaire.exe.mui.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\vlc.mo.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libattachment_plugin.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\ja-JP\MpEvMsg.dll.mui.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libts_plugin.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zaporozhye.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher_1.3.0.v20140911-0143.jar.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Design.Resources.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\npjp2.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\en-US\FreeCell.exe.mui.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rarrow.gif.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-nodes.xml.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_ja.jar.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-4.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\Accessible.tlb.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libddummy_plugin.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
77KB

MD5
061494f6c8dbadee8b5df4466157855f

SHA1
d1a58e99518a147642d9cb85369bf6f070f15c80

SHA256
b62f099b704a94fac077ee309ba1f0dc49c6252888697d026a247cf55672a64f

SHA512
1ac4e32e9432e17e107101596156f77906743339bd3642e778bf0bf160a5da2c5de76dc373ab372b35f2b1345c5c6142124a3dab6fc402b65b780d134ae8ea07

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
86KB

MD5
e2957333c0f9fa3f7bf140ce256e0f87

SHA1
003b84f67f9873f2e6796e73e715812dbfbf65e7

SHA256
503809bb4cff3e6088b54b3aad231a8f94c4bf61ed61bf1aedd64ad9a9d10940

SHA512
ba29c1cc491982690c62e30449dde20203c9db5bcd71bf17adc094fd55eeead732eebb36b1d554c9da2ae68872066fc92a3bcb4f31dd4ab66da28aefe69aa5e8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads