42674a9f02953727a996cf05101d0353e137927996ea8ce7e2d1eae2eb76172e

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 09:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
Size

70KB
MD5

f238ef9dcb7ec0625232dd48f184a690
SHA1

8e93804328aa0e1a553c8855d6ffa7bd6f470615
SHA256

42674a9f02953727a996cf05101d0353e137927996ea8ce7e2d1eae2eb76172e
SHA512

dd3533db153208d8f095208960515077b8b3208442c0c776668727518e9805f1c4410388c623c08ed775ccccb53820ed67b2aaacac9fe018e8bc2e866caedeec
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E6DGsTdc6e6kvNDck7Tdc6e6kvNDckkvVv/Ui:69WpQEoTdc6e6kvNDck7Tdc6e6kvNDcl

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3436) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libstats_plugin.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_windy.png.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui_5.5.0.165303.jar.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\en-US\MpAsDesc.dll.mui.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views_3.7.0.v20140408-0703.jar.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\release.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\osclientcerts.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\wab.exe.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_left.png.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.service.exsd.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_zh_4.4.0.v20140623020002.jar.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_zh_CN.jar.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Puerto_Rico.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\liblogo_plugin.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.png.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Easter.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-charts.xml.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\Journal.exe.mui.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jfr\default.jfc.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Chita.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\js\calendar.js.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\js\cpu.js.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\rmid.exe.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libx265_plugin.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system.png.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter_partly-cloudy.png.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kamchatka.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UCT.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Copenhagen.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
70KB

MD5
5bb3f246b1182fa1db50301c7552a717

SHA1
ea29ef7480fc987a497c0364708607c7bd1c556c

SHA256
74bc4697b19a283dc26714c747a04a7b997aff7de04fbd2149918497ca45b0b2

SHA512
277adf448404a76bfc1f9b10b4e9b18da61789a3aabc640bc32db6a249c807b231725c46c9a5a1b0866abb1635a1148cf5c1a6ff60b57f40a20784fc05b69ad6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
79KB

MD5
4dc6b4e6d5ef9cfdf65909954d2d5e3d

SHA1
3df72b1669a96f7b924c55b1fcae4aefa6d42a0a

SHA256
f6d2a82287094f8374b4f0f17a6c3da0fe92a978eb73e11f5bf0ca499b1bcef2

SHA512
77744d95f2b4b593ec6e792e8ce2c69306c0405c25a14290f2ea07341b36ff91f89df849bd0aee1e1d81c6f6fc952fc20e30a4a6d298a800b37c11463fd8e3a0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads