d300607b1aaa20bc277df6a41f4260f6fa3d96109faaba6495bdc81e7e34b9b1

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-05-2024 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
Size

100KB
MD5

474f86573d581c16a7b9eb7fec82c420
SHA1

11d27c330029e20cacaf74994d0fa150f610e6bc
SHA256

d300607b1aaa20bc277df6a41f4260f6fa3d96109faaba6495bdc81e7e34b9b1
SHA512

d40df5e27486b6e20fde44e3f1540fc42fe324d6a190dfbcdaf954f58601e6b9d9adc1ccaefd399740315aaeb95c0a9329533feb25f3700dcea80c175ec40ea0
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPFywyeSJ:6rWpcOPxPke+e3fFpsJOfFpsJbgEF7sJ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3429) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\clock.html.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Samara.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.password.template.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_bridge_plugin.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Merida.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\msoe.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\cmm\CIEXYZ.pf.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\perf_nt.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\toc.xml.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsdec_plugin.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\blank.jtp.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_ring_docked.png.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\CheckpointRedo.xlt.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libremoteosd_plugin.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Juneau.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.properties.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\init.js.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Saipan.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt_0.11.101.v20140818-1343.jar.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Resources.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Selectors.Resources.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tashkent.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dili.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Management.Instrumentation.Resources.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_m.png.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\ONLNTCOMLIB.DLL.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-templates.jar.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Pangnirtung.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Auckland.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\fr-FR\PurblePlace.exe.mui.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_ja.jar.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
100KB

MD5
111adf1654d7724bd2195f54771a7a64

SHA1
945f5f17250f2178609cb2f8bf4c0f36af539f07

SHA256
b4837212e66e2d756bc816d803f6f4dd27d20feaf14b668b3e0bfbe72610d546

SHA512
fa0fe949f7fcda2206eaad0e2b152d254b237d2577bc63b85c0ccfdc6bbe87cde95bbe81e56cdb4e26ed864a326ebfed1103868a4f8a2d86fba90e8a16af30ff

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
109KB

MD5
00f4c729b3beb6c476aa8de20f6f0972

SHA1
d8252eeb0edde275086b50d72ea7449f44e3d924

SHA256
6583a9357aab089bbd0705e1825d854f4c5a5b8ee12d554f34ae8169e0a1d179

SHA512
19d5a21878803c68f6623622b28ea90de5250baaea5dfbc81b6d8215132e910e1f6fe3550a992a40b67e14e57f8c011e04b60b7bab71acf3e8a9213be8d0c7e5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads