c8fcd5ade39f276589602500ffcf8258734226c7524091ef208bb62197df9e48

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 04:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
Size

86KB
MD5

c842f1928e99d85aecc1a035a8906da0
SHA1

19a787064a0e5dbd21cef3fb6d19505426447d35
SHA256

c8fcd5ade39f276589602500ffcf8258734226c7524091ef208bb62197df9e48
SHA512

e61b24ea6a88e60f3722d3b1e4bf2d40afcd035c57f7f5c141f83af06cf429eab4f928036849338bf16073af0108d087e4f10ff0f6fd97dca14caa6717ba076f
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORRec:W7ZDpApYbWj2WTWJe+e/qX7qi

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3432) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-awt.jar.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libheadphone_channel_mixer_plugin.dll.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_hover.png.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ulaanbaatar.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.core_3.5.0.v20120725-1805.jar.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property_1.4.200.v20140214-0004.jar.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.sig.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.DataSetExtensions.Resources.dll.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\gadget.xml.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\slideShow.html.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host.xml.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_orange.png.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring.xml.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\vlc.mo.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\js\settings.js.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IO.Log.Resources.dll.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\Journal.exe.mui.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_read_plugin.dll.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-desk.png.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_h.png.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile16.png.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Detroit.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\wmlaunch.exe.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_dot.png.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\main.html.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Saipan.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaom_plugin.dll.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\MSPVWCTL.DLL.mui.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Port_Moresby.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.ssl_1.0.0.v20140827-1444.jar.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.lnk.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmplayer.exe.mui.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\es-ES\TableTextService.dll.mui.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c842f1928e99d85aecc1a035a8906da0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
86KB

MD5
522b3cd4196f78757e58680d4900d7dc

SHA1
df2ce48a4aeee9b1233bc2ce99ed9c6223e32cf9

SHA256
60273d7750f50a35f82dbb0a497e55ddbfa74baa267865c2690e5d7b9a4d6e4c

SHA512
00b54df84d33e29eab69464645da7a8625d093b5905652f3190e4ee48e557dc49aa7f9cb572777eefdc178fdc0d7e74e3b0908975934911ccf035f52bd0726ac

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
95KB

MD5
7aa010ba8effa84590fe74c2f69fa05f

SHA1
c3a270d3aeb47e1ceb4c7041746336174ae40e97

SHA256
20b65431d95b0abc29c2a5b41d9d020896775e9ec1def062b6ed1ea291218de7

SHA512
e7375c150ede8f35dd105fcc54c0a9f47e5e7185032dd713306fc21b91634eaadf9df3409025f0e5260adc40018d4bce321cb30685a3c86af84c42ee9111ac85

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads