8627d0d5c6bd9ec09ab8abb668075d1a7acc1c45b6cdaaf4c97dac402b5c3be2

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
27-05-2024 11:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
Size

41KB
MD5

8aa5d805e932f915f1bd26eee56e1740
SHA1

5771f2dc5d60d39cc6736905d78260d282312cb3
SHA256

8627d0d5c6bd9ec09ab8abb668075d1a7acc1c45b6cdaaf4c97dac402b5c3be2
SHA512

387f0f68d7368022cd292f1fdea0c497d386160d293e4ad8c5942850697ee167be70cd94faac70edd7fec8f3b0ea0e3359b96c4520fcc5291a6f2bce8ad7cdcf
SSDEEP

384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFrpSp7:W7BlpNLpARFbhblkYlkuvIYFrpSp7

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3732) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnssui.dll.mui.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\es-ES\sbdrop.dll.mui.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\service.js.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_ja.jar.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\settings.html.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Noronha.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_ja_4.4.0.v20140623020002.jar.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\vlc.mo.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\slideshow_glass_frame.png.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\NamedURLs.HxK.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.exe.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Xml.Linq.Resources.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kamchatka.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libhqdn3d_plugin.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.service.exsd.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Paramaribo.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app_1.0.300.v20140228-1829.jar.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\JNTFiltr.dll.mui.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_m.png.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.sig.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\ITIRCL55.DLL.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa03.hsp.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_zh_CN.jar.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\ContentDirectory.xml.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile.html.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libt140_plugin.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\picturePuzzle.js.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_rainy.png.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-tools.xml.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tegucigalpa.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\SearchMove.dib.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_settings.png.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_zh_CN.jar.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.properties.src.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_right.png.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\settings.html.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\updater.exe.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\settings.css.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_pt_BR.properties.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text_3.5.300.v20130515-1451.jar.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util.jar.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice.exe.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
42KB

MD5
5f17ad364a4f417eb3d360f95da29316

SHA1
5b352b3cf1aa499e4bbf24ccaf446b779ddc73aa

SHA256
0961109b1b5b570d5212ed4e7826eb7675bde936bd6893554ffe0bc854fcf945

SHA512
9ae9204bf83ed8da45648bbc79f9c6ceb1ad52107e23e4713b84dc82ae9321ccfd0c8eef8b210b54532658c42d3470b350d4975067639cedbb6a82e967bde16f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
50KB

MD5
7a1055c41eb35ad05d32c52129f42f23

SHA1
4fc6553834b0632c00186a71971b1633129d308f

SHA256
c5bb7fedc4d83b7a6cd4b9ea45b9149b98565ff03cf9f6d1a5d9c33293ac089e

SHA512
16c8d0434fccc86239c958a0c6a777b2ed27036454df318f48214889c235870259b1c5921911e96fd5eb26d0eb54e3bc285d3c0bf6d01ba3f99c875f5e731b05

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads