56fad23a43f78a9006d644dce571c325f89e15af34c81505753f49310cf67e6d

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
Size

42KB
MD5

270671e2eee8f7414f365c32ac221d20
SHA1

4711936d41c6920b1535d033d6fc674f83e8971a
SHA256

56fad23a43f78a9006d644dce571c325f89e15af34c81505753f49310cf67e6d
SHA512

413b6d9d6ec4dc2b2658606fd8ff06cd0ddf0e5b4835438e177bdfab6ae28d69967d744e24ef291bde58403a7b04786e077f4765ce15bd0411b8dade5aa86a51
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGBJ0CJ0k:W7ZNLpApCZrt8PWGoPWGBJ0CJ0k

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3499) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs.xml.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\gadget.xml.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Andorra.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile16.png.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.xml.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\VisioCustom.propdesc.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Printing.resources.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\liblive555_plugin.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfreeze_plugin.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.properties.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.core_3.5.0.v20120725-1805.jar.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace2.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_s.png.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\wabimp.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\gadget.xml.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Abidjan.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\5.png.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\8.png.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiler.xml.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libvhs_plugin.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro_5.5.0.165303.jar.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\it-IT\NBMapTIP.dll.mui.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_m.png.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\js\settings.js.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_zh_CN.jar.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-ui.xml.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libyuv_plugin.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\Journal.exe.mui.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\PhotoAcq.dll.mui.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
43KB

MD5
98e9f9cd34b663c240ffc571aa100b69

SHA1
a1a06fc26c97f5b96a2e03d413ae8c8a39567ac2

SHA256
1dd557d7e15a2739472ff2f95685419829305295cd560396b21fe34248cae588

SHA512
380eeab281a9f80947dc56ab19a611139602e8694a1533ef7a58dd9e2c7eb686776566cd3fe226bd35a53f51d47fa5321b022f9f18230917bfbd48c39f15fa35

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
06430d4e3d1b20e679bcab35535ba485

SHA1
30a295b8e44847d877f2d5014f9dd5a4d0205362

SHA256
899a170492c67619f26b0a304c8cbfe18f43cbf0a772db1b87a7ece1e0464e59

SHA512
aa65e255a3c7db18bb80e7bf564ead7be4df6527c9b012b84cd7b77a9d46150245756c51a3416435dcb2d3e1ecf9aee71ba9a8e945bc91e3510fe80c9bcf2cd5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads