d09d3bd2df0c5b59bcac4581c16b16af2faa9d5e039aa339ec322c8646880278

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 20:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
Size

93KB
MD5

17f0defc583329fd634a91a8bbc1ffc0
SHA1

cbac569cc95babb7102d1a14ad2acd849fe22a4b
SHA256

d09d3bd2df0c5b59bcac4581c16b16af2faa9d5e039aa339ec322c8646880278
SHA512

1a09ec148ebcb1a4f5fb791f0ef89e77891b4eba2cde54734b93a9ee3c4c4f31917a96dad5afda16b0c1b2fd12b4e0709f8a8dc099bea1c569c889ab07a77a6f
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/BCR6CRPC2T:6e7WpMaxeb0CYJ97lEYNR73e+eKZyC2T

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3449) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Niue.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\ImagingDevices.exe.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\highDpiImageSwap.js.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous.png.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_zh_4.4.0.v20140623020002.jar.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Riga.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_zh_CN.jar.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Seoul.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\weather.css.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.DataSetExtensions.Resources.dll.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPDMC.exe.mui.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.properties.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\wab.exe.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\gadget.xml.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\es-ES\gadget.xml.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\rmid.exe.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\ja-JP\FreeCell.exe.mui.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)grayStateIcon.png.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Moncton.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvcd_plugin.dll.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Net.Resources.dll.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\liblogo_plugin.dll.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_On.png.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belize.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiler.xml.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_wav_plugin.dll.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmpnssui.dll.mui.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe.tmp	17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\17f0defc583329fd634a91a8bbc1ffc0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
93KB

MD5
00707d7f7d177fa6e8375b79281b7ec7

SHA1
014a9fd13c273ca16904b7d5de07b4e14b28e53c

SHA256
1045ddcf46e2f682d59e24f22ff2ee799c9021d837e616f4b714431dfccada55

SHA512
22638a198d28cfd99edb5e3f6e11a4e48f11a1dec7385a5347d1f44710db1a3c57a8eb1a4aa1d97898fcd6d1e247ed440ffe209a1c785ebc8acb0b68e3dfaf85

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
102KB

MD5
97a99a4e7f498913564070a58b5b6f14

SHA1
72ce413ad5b39fa08132ed4e96ea445c454ea9c6

SHA256
53abe2284087f973a144d8a904baa6e6db0978b8bc3624f5ecee54d18ca61f0d

SHA512
7de7476b99f1549e115aaa7d3c51787adbe35aa296fdd43a683bb5119a6572fda775cdb299b6ebe5fff3fb72b5a34916e8f0bd42412d4663ef7b2e1877c91e12

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads