78caa6c63f49e2a4de3ef02d6bab7462b072824647d1b4de2c843a0ee5b9cbe1

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 03:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
Size

83KB
MD5

625e5977f5f51b3bfbe3addfa5b74b70
SHA1

4dadd357937b14943b65e6a6f2c4657fe1fcc159
SHA256

78caa6c63f49e2a4de3ef02d6bab7462b072824647d1b4de2c843a0ee5b9cbe1
SHA512

9102a095cb5f2e94830d80b6d2e125ed3e9b277774f76e3d22693a0f565c9013594a0ef2b1302c556ccae2742eb68df5f5e79f4583427bd3c861bd419db7656a
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0VXac:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VX9

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3528) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-visual.jar.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\picturePuzzle.css.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\drag.png.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtimecode_plugin.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\jnwdui.dll.mui.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_zh_CN.jar.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPDMC.exe.mui.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Waitcursor.gif.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yerevan.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvobsub_plugin.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_delay_plugin.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_down.png.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\javafx-font.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Recife.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfreeze_plugin.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.jpg.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full.png.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.properties.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmagnify_plugin.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\WinMail.exe.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\RSSFeeds.css.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_block_plugin.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\1.png.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down_BIDI.png.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\More Games\MoreGames.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Xml.Linq.Resources.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\vlc.mo.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\clock.js.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-print.xml_hidden.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\servertool.exe.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\librss_plugin.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\local_policy.jar.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_flat_10_000000_40x100.png.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_dummy_plugin.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
83KB

MD5
fe209e1a9dbc9c2266641b5900a2cbe3

SHA1
f59c5b5838a5ae118f71c7bc3451a1ff8e0a6a69

SHA256
26ca54278845e959e4e1b22d5b2e3d2e6ca8d02b58f69586ad4540c4097be91d

SHA512
371e6e16b566d91e39ee7f3b35cf9d1e6927ba1bd160c0ed806436ccc41fa014bf26d10fdf2460f72a2e736b3e7f50b532764fc4e401ca5a21012ef5c418cdce

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
92KB

MD5
84d4870423cb49334debd32e04bd900f

SHA1
2d17f3d6d49263d5fabc9cbb7f4406bce5c206d7

SHA256
98109ab776d3ccf1838a8197f898d2048bca1045161ac59eff23bf58c55bf5ff

SHA512
93f424d528a05d9889b33839c59206c81b36ae087b3db8a2d4d979ae1ea268067e4bcb7c91b935f4a63d4f49cbece4239b443e1f6ede6f85cce92612c067cbc2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads