9c0cfddd126caad478c640cac62bfb8b3e56e548ef2ab361c66ad79634bf9955

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02/06/2024, 23:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
Size

86KB
MD5

8031918a7a4133fb095fe575de1d1d30
SHA1

ad9238540aaecc2796d28ea7b960a7a584fb4ac9
SHA256

9c0cfddd126caad478c640cac62bfb8b3e56e548ef2ab361c66ad79634bf9955
SHA512

e9e4307f336690faea2964c1b98a11138909311877db2bd97db32f7db7f20c43c028859ca8172a85c6b020d26657b9c8c8885e44ec9545f8192b668b14e0502f
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t2rt303hHUsM:6e7WpP9oVLQthbYY9oVLQthbUrt7t2rz

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3438) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\UseStart.jpeg.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\ja-JP\msoeres.dll.mui.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh87.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.xml.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libd3d11va_plugin.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Helsinki.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.ssl_1.0.0.v20140827-1444.jar.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_ja_4.4.0.v20140623020002.jar.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\keytool.exe.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libftp_plugin.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.properties.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\es-ES\SpiderSolitaire.exe.mui.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libvhs_plugin.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MsMpCom.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belem.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Karachi.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\00_musicbrainz.luac.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\epl-v10.html.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet.jsp_2.2.0.v201112011158.jar.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Pangnirtung.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hovd.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\icecast.luac.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Manaus.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.mo.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextService.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tahiti.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\localedata.jar.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.Design.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
86KB

MD5
02a94440fa32288480e141db423bf257

SHA1
685314de3689de5c84cd403f92dc54d98c0a4a70

SHA256
d8776d0be4d7dc8896f21cc635aaf38f0967a3472f11cffb5d85616bd2d9f59f

SHA512
58e18539dbce03a18ecaa82686a0f57b829db2958463937c281f0f4d0e168ad817da652b50c2031cce5c36a8af4e11e131c3e1fbfb51123cd1f5eaa2b01f0af0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
95KB

MD5
782354e1c2b4ec8680448f65db4b1ea4

SHA1
91b6ad98fd06225110611c3f161f00d575904540

SHA256
3bbe7f8faaca501fe92fa326aaf07623cd13cad8d2ced4ae98f9dbba2b8b2137

SHA512
beedd163d7be5210e267b0c07f0991572fcac7a7ccb9245c138d171dd0510943015884f88bad2cd837ec07b029660c5b8b0f57e70dfeddec67ac8e19fbf9868e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads