2d3ef8b6e10c219adccc4c1d0d697ef8c51ee77f154d196f2f577169db83f338

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 00:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
Size

89KB
MD5

28e052437fd39ca9dd3751d95ea110c0
SHA1

12bce83617183bdd8afdd64b332c1332e2db4de9
SHA256

2d3ef8b6e10c219adccc4c1d0d697ef8c51ee77f154d196f2f577169db83f338
SHA512

a6023b536b02d622aa21e81de1ae98e63df6c9e1a2935a99f9407bc2e34896c35e800d64f6b3c2e91be205112dbb521f8299638ad2ff58bcecc78eee531c5730
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0VXaqv3:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VX7

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3468) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\java.exe.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\vlc.mo.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.io_8.1.14.v20131031.jar.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Windows.Presentation.resources.dll.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-bootstrap.xml.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-attach.jar.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\MSPVWCTL.DLL.mui.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\ConvertToInstall.hta.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java_crw_demo.dll.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_ja_4.4.0.v20140623020002.jar.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Resources.dll.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_hover.png.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\weather.js.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\34.png.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_ja_4.4.0.v20140623020002.jar.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_ja.jar.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\lgpllibs.dll.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\ja-JP\sbdrop.dll.mui.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings_0.10.200.v20140424-2042.jar.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\flavormap.properties.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Magadan.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\rmiregistry.exe.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Resources.dll.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Honolulu.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.pb_2.3.5.v201404071733.jar.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext.png.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chuuk.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\javaws.jar.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\de-DE\TableTextService.dll.mui.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\32.png.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_ja_4.4.0.v20140623020002.jar.tmp	28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\28e052437fd39ca9dd3751d95ea110c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
89KB

MD5
dafe79dba51a2d7e9c8c3c25c5b1ba6d

SHA1
499140fa2e3608881e39e5bdb523505b6e2ef8be

SHA256
9bb2fc4af028edb2d3569d5083271ec284a43ea1cc5171f47d0703da1997fa3e

SHA512
04befc8ba30c93a1ca96a04b492ad6ebcc64b8b1241b102c27f1eaba2c97bcc0b1061e3682cfd930c30b3d7b1a34750651c66d213210282c47ac01484e7f6ca2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
98KB

MD5
60d80f966c8b41e255e71e89b89de50d

SHA1
ccb6be1ebddb9ed2b4c1c20d014254565a512685

SHA256
de19677db452cfe9d0eea5896c233a9440a108100bcbf71c367d0bbf1555eb2d

SHA512
8f578026bb0302ded119f55be23085ed2ed4dba572a869e58ab03ff5d75fd906eb9c4922ad4c71bdd46530db0d11e08a3f4bbc58eb49120c7f80494be4d92bb5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads