dcfb11d8c6304c312ca7d16317ba622ea128efbdb213e5e80c49a514af1a4364

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 21:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
Size

74KB
MD5

1faf694b27a88adcd5ac9a8d0891ea30
SHA1

f5de9288ec4daf60b423307c2c5340d9c8234441
SHA256

dcfb11d8c6304c312ca7d16317ba622ea128efbdb213e5e80c49a514af1a4364
SHA512

9f867397f400a9e0952535c1605f3ce75819f7000eaa40c2175c2e7fafacbd9a3e2dd86ceb40033b699a848c6b5eea94767c4460a9002d61dfdf9746698b6f07
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65TGA3vHq5q4:69WpQEJACU4

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3480) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Petersburg.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Minsk.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\keystore\libfile_keystore_plugin.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Net.Resources.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hong_Kong.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_m.png.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nome.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Maldives.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_window.html.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\ja-JP\TableTextService.dll.mui.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeLinguistic.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Edmonton.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libpanoramix_plugin.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)grayStateIcon.png.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\CheckpointSuspend.i64.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\en-US\Hearts.exe.mui.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\mpvis.dll.mui.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_hover.png.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-text.xml.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-io.xml.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libgestures_plugin.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\flyout.css.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_hov.png.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_m.png.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.win32.x86_64_1.0.100.v20130327-1442.jar.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\java.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libt140_plugin.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui_3.106.0.v20140812-1751.jar.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.RunTime.Serialization.Resources.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\settings.html.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\ShvlRes.dll.mui.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\js\settings.js.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Goose_Bay.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mpjpeg_plugin.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

Filesize
74KB

MD5
cbd987e18c9ddddddaae13726d9bb2f9

SHA1
ff3fd8dbdd05f6901ba0d65be9db897517cf2da1

SHA256
1f2045657a08bfd8414d6544ef29b056a59795e2fb75f7bd695e724e0b8eb7b6

SHA512
13ef7d634d769449f4776eafd11cc7dc6ccaba7bb85df41df65304d59216be58fd73eb5f2f7e152660bacdd8460dcb2eb2d2e0866299e534d6c103b666fe60c7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
83KB

MD5
2899418c40c64e57e08fcfc181f60bd1

SHA1
3476011bbb07a43e987d2bd5ace2ead98917c2dc

SHA256
4c9b0207c000bc2cdbf8a1f13638a278e958a3e1d7eac8c5fbc916d1cf2d5c84

SHA512
4dc0cbaffbaa15a0864d4093df76324e9dd9ddb7a6f296cbfcab1e6840fc4b2baf246026f6f316867cd59988acf480b57568d91980d6f0300b227a90ad0277c2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads