0e3e2d841d79a598233fa9bf654f0d80757917b386447dc698ad9c887fc462d6

Analysis

max time kernel
149s
max time network
125s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 02:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
Size

83KB
MD5

92b26dcee5f9812348b7e8690fce6360
SHA1

e8aa04849ae2db38efb3a0c69314d40aca26294e
SHA256

0e3e2d841d79a598233fa9bf654f0d80757917b386447dc698ad9c887fc462d6
SHA512

f0b4d3408b227272e00b8b51171f5aef029b318aab103694ffeef9353b9bdae766623b2d9dd447a59b473c77e8f96181425f8a0b59b46bf5c2bd84589b9daa34
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKZJHJ/vRJAJn:69WpQE0zH

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3493) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_thunderstorm.png.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\settings.html.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRdIF.dll.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsusf_plugin.dll.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libvod_rtsp_plugin.dll.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\JNTFiltr.dll.mui.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClientsideProviders.resources.dll.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnetwk.exe.mui.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\mpvis.dll.mui.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\redStateIcon.png.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\CST6CDT.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\liblogger_plugin.dll.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\wmplayer.exe.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Nauru.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_cdg_plugin.dll.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfxrt.jar.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-attach.xml.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\java.policy.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\D3DCompiler_47.dll.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Beulah.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libhttps_plugin.dll.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_rest.png.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\CET.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaom_plugin.dll.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\ja-JP\sbdrop.dll.mui.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Dotted_Line.jtp.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad.png.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\44.png.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pago_Pago.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host.xml.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\ja-JP\FreeCell.exe.mui.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\gadget.xml.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javafx.properties.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll.tmp	92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\92b26dcee5f9812348b7e8690fce6360_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
83KB

MD5
bab92d10171c24ddf4258eabb8c8adec

SHA1
521a8c3230d237907892837f783553831ddc3de0

SHA256
da7da17df853ea1aa7b801c25b8743535d684068adf9d6ae42d379ba49bc0355

SHA512
14bf663a298ab6d6e9dd9584e42c371ef79af454edfab2568d13f7b366ca568afc6fd1923a4d8b494304f75ad4806cb708fb88b1444a6dd7abe1c744816dd2b7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
92KB

MD5
e2d4d045c6c3a85baf9e3627d8ce96c6

SHA1
da178fd97c0e57aa257608f997e288607b3b2f51

SHA256
634be1895ebc9615acbfb57756c7f0c44f18c029fa81673ca0821aa0513664dc

SHA512
489e28079f43272097cbf4bc9c337d72424138ffde573714c7fd46191bab5078db0afc8b9addf61a858fc6e6e8fb6ef838089bdcf0f1150827da7e672c200d6c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads