d08df1cddc480e244e7ddfea75e04762333a92403a8ccb55f7e06ba892aaf168

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 15:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
Size

52KB
MD5

0dcd221f543a149e248a8dc1e69b41c0
SHA1

6b39a03a76166543c46b2bf2db61f50b0726fc14
SHA256

d08df1cddc480e244e7ddfea75e04762333a92403a8ccb55f7e06ba892aaf168
SHA512

b4c55fc5b0ddb326aff4c279213105917e4865fe23b2b9e0a21ee2bc65bae787ed0fe73df25b9d314e12ff1f918c4332d2c2e8c1f79f9a5f70e5b8202067ea09
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGqMs1MsR5nd5nVJpQJpN:W7ZNLpApCZrt8PWGoPWGANdNVJpQJpN

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3562) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vienna.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\vlc.mo.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked-loading.png.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\zip.dll.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Maputo.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Eirunepe.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Minsk.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\nio.dll.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Dotted_Line.jtp.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\drag.png.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nipigon.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-cli.jar.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\blacklist.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Resources.dll.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\fr-FR\wordpad.exe.mui.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MsMpCom.dll.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\36.png.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerEvaluators.exsd.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_zh_CN.jar.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.lnk.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libscte27_plugin.dll.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\flyout.html.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\picturePuzzle.html.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Abidjan.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\osclientcerts.dll.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_dummy_plugin.dll.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-awt.xml.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_120.jpg.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson_Creek.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\java.security.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jfr.dll.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\wmlaunch.exe.mui.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.api.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_partstyle.css.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IO.Log.Resources.dll.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Design.Resources.dll.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\7.png.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+2.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jp2launcher.exe.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\library.js.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0dcd221f543a149e248a8dc1e69b41c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
52KB

MD5
36719b93f494a0f5190c2dda157d9109

SHA1
285d98ab19651556672f6a782bd4685cefd02998

SHA256
a5eb1082a2321d0978f5a349c25b9e522ba1d9660d2a63462fc7525dce2f5708

SHA512
d8bae058caa86a5432086f84926450670e36b361aff0f6e6521ba59b899e618968efaf37e7bbb958d037f0aff0084aebe95cfbb8761e6c38d98b0a60df22e9f7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
61KB

MD5
2ab610510148d7707713db8997607501

SHA1
aceb749ec9b0a9e80b28bcd16e48d2d61e14a0b0

SHA256
b7274309374b32ae71db9502961dd253c325c1ad428a684e5501967c86f7bcf9

SHA512
445a444a365afd373835feca5de00f95f3417feceb76e81e7a54ae19ff70c3583c04350193322f6f8bd32ceaa7e311f42ee07563a59549eb602ac90be6eb8fc9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads