79d58783647e9efb740f0339413d7ae6dfec57f13f9c393094c3b1a6dab7cf45

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/05/2024, 05:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
Size

80KB
MD5

22e1624ce222a918f5ba4180c7932ca0
SHA1

2a49bddf96fbbcc04c57443e02f9d4dd522480e0
SHA256

79d58783647e9efb740f0339413d7ae6dfec57f13f9c393094c3b1a6dab7cf45
SHA512

4b7a8d15a953974868898ef38c3cfa870207633bda3424fa2ad5f3cbe5a5a9c05d5f4e62569175809946380a6a7eb4b26b1ab93c79b58d3e9a6590e51fcc1de9
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/6lD4:6e7WpMaxeb0CYJ97lEYNR73e+eKZaD4

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3455) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Currie.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_display_plugin.dll.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Gaza.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_dot.png.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Midway.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.png.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\awt.dll.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_48.jpg.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\dnsns.jar.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Resolute.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d9_plugin.dll.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.zh_CN_5.5.0.165303.jar.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\management.dll.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh89.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\vlc.mo.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\drag.png.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Istanbul.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_transcode_plugin.dll.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vevay.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_zh_4.4.0.v20140623020002.jar.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.http_8.1.14.v20131031.jar.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MsMpCom.dll.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\README.TXT.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\vlc.mo.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter_partly-cloudy.png.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Adak.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.ja_5.5.0.165303.jar.tmp	22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\22e1624ce222a918f5ba4180c7932ca0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
81KB

MD5
45d7e61ca49bec8dcbdc1b7decaa278d

SHA1
3b1f83535640569f6e22f74d1cf3b0b58a2b983f

SHA256
6a4e2f5dc1cde5d40cc73d8dbdc9e0b255df458c6f313716c12383c2f7c29d48

SHA512
e326fb4f2c772daea72a5050fb1437ef867e6f547d55ad2274187aaa6c0ac096e599a3b24b3bb8ad9484c764bc5d438e1255c0aba563ff747bafc422c7f6dd55

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
89KB

MD5
92be121d3610a33e7d9e77751b230c9d

SHA1
7351d127922ffde0f86e667a7af14652edb5d434

SHA256
08fd14826661a9942a3e94ac91f49b7f853985ef0c5e31c1033a06e2c172e278

SHA512
d4615d76604e4d9449b117ea21cc31cda406bae6e9f12f14398c022f7de2b3450ad311d48e447b3519e313c79c014a2f4bc50bb7453a28895a4df49c0fe77390

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads