37b4c66b68d48058a40696e14e2da8db6b5f3d3b1fd76d08ed7acc76db29465f

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 04:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
Size

68KB
MD5

336fe09958481ff99980c4165a327a70
SHA1

cbc82a8723a85218bd1950921ce10c78a038a831
SHA256

37b4c66b68d48058a40696e14e2da8db6b5f3d3b1fd76d08ed7acc76db29465f
SHA512

42557fed82f673d56133de22ad3cd1e0216ca07c07e6a69d4058647c57316c0cd084061a899e9493467b5b674a155c94fff88c161a72c329c08d38eaa28f4d90
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuWnwXuvvnwXuvI:W7ZDpApYbWjIlE77uew2w7

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3442) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cancun.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnetwk.exe.mui.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-desk.png.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system.png.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_zh_4.4.0.v20140623020002.jar.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_Undocked.png.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\nss3.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmpnssui.dll.mui.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_right.png.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\trusted.libraries.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\de-DE\Sidebar.exe.mui.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\jsdbgui.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\tools.jar.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\gadget.xml.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\css\clock.css.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Enderbury.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\meta-index.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\SpiderSolitaire.exe.mui.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\luac.luac.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\init.js.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libamem_plugin.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_120.png.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\main.html.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\wmprph.exe.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\js\picturePuzzle.js.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-ui.xml.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-progress-ui.xml.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\es-ES\FreeCell.exe.mui.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationCore.resources.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblend_plugin.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\clock.js.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\9.png.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_win7.css.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.png.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_mosaic_bridge_plugin.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\icon.png.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
68KB

MD5
58dcfb41c6267019d36a0abd4f15543c

SHA1
257af4be343e15e8bba70d9bf92f1f7317ce7ac5

SHA256
5d261e06f9bd5c54ed7365428a412a1ed9a7936666b5b872ccd0469e0eb0572a

SHA512
f176919e1b4cd716ae5a2fdc612e8a65f8c842f38d6eb4c4267a8f1ce18fc30f313d873e49405accb1258b723705bd8d9d9d4c992dbfe6062a35e710087b0c09

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
77KB

MD5
c04c79bf279c7fd2d5270cf175ce8374

SHA1
0aea9541b55d8a3579c8e6aa7274aee9afff761b

SHA256
ea2da1e29225cacd65964033b1783a1f1918931b87320f48c36b92ae31f84b45

SHA512
86e85ba41cecff9a56e844761ceba02613b0b9f8878c9c57f6c9a76fc5a928afe03d262cf42c9e63f6470b45b93ed16d09caaff577046793ab1fc7d26ff1c287

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads