d4e1ebd8fedc32a604e4e1fad747422b3b2f3bfd3b70be88cd9016c3ca3a4056

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 03:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
Size

74KB
MD5

2f41f31f06c9e60495f0bf59f90ea9b0
SHA1

ded45afc4dbba3624b697c449230ef2258d5e0bb
SHA256

d4e1ebd8fedc32a604e4e1fad747422b3b2f3bfd3b70be88cd9016c3ca3a4056
SHA512

c2fa8ba4f067298af98319f2211127b1c121b223d27f0a21efc0e0ea5521964c654c457b6fe85f091c916ea8d6b664716a502895d6d0d1ec3e76db1adc938333
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJPwF9hHMZIa9hHf:W7ZDpApYbWjIlE77ufL2e+efZwZzjy

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3450) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\cpu.js.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\highDpiImageSwap.js.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_ja.jar.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-ui.xml.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\net.dll.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yerevan.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\RSSFeeds.css.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsFormsIntegration.resources.dll.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\vlc.mo.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\plugin.jar.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\main.js.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Funafuti.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rankin_Inlet.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\fr-FR\msoeres.dll.mui.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\js\picturePuzzle.js.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\ImagingEngine.dll.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_down.png.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_rainy.png.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-print.xml_hidden.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-uihandler.xml_hidden.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\j2pcsc.dll.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Prague.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_rtp_plugin.dll.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_zh_4.4.0.v20140623020002.jar.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\skins\winamp2.xml.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\java.policy.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsBase.resources.dll.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\es-ES\MsMpRes.dll.mui.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_zh_CN.jar.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseover.png.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile16.png.tmp	2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2f41f31f06c9e60495f0bf59f90ea9b0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
74KB

MD5
ca5a130213ed70ad5f5c568f04cdac07

SHA1
33c6e0655ac046b377704be38b1e6871a3ed5f0c

SHA256
fc8943a60a947fcd21556318ab243bcce5228ed93daff04d98e0ffe04042c7d0

SHA512
2dd5331090568a699c49e6ee077f7667154f48d2b930cf0ad8360b3919d24be45614c00a5a40cca670c1e0c6e90566099c5b21c7a0972239fcaa3db3b2a41785

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
83KB

MD5
2773d4a33f0dcfbfe22a3c2109824fce

SHA1
f1286140711e782130f67a2165a0baf209e71a79

SHA256
9c9bb1141be82e4056496ed15aa1121a82368efad80f2427f68538cf3291aa31

SHA512
7bfe03934da0b845070cf5f090db4de6f24c4d14364ac55cce36131bc633164295cbab54809223c780ecc227afba1840ed78b9883f75b0d2636a9b030526042c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads