4dc64bce0efcdc3d30d8919b02f93b6c54edadc3959f4667ea1f0311946e1b04

Analysis

max time kernel
149s
max time network
117s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02/06/2024, 03:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
Size

57KB
MD5

30a7e91e4ebce59ba2806a9922dfcef0
SHA1

faf1f8e89cf2287278ef8944a010074e435881c0
SHA256

4dc64bce0efcdc3d30d8919b02f93b6c54edadc3959f4667ea1f0311946e1b04
SHA512

322e05166f5d89e5cdc7dfdba1f1dab3ade715aa444c6186081401b9b0178abe41de08b05732b0b85220840bff022a98cf81e60a70ded32f6d8f3320281b82f7
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGqMs1MsR5nd5n9c4cO:W7ZNLpApCZrt8PWGoPWGANdNb

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3664) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yerevan.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_ja.jar.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\glass.dll.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ts_plugin.dll.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\settings.css.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_received.gif.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Rothera.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\icecast.luac.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\hprof.dll.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\PDIALOG.exe.mui.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\js\slideShow.js.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\sbdrop.dll.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SC_Reader.exe.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui_5.5.0.165303.jar.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationFramework.resources.dll.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtospdif_plugin.dll.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev.png.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\picturePuzzle.html.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_foggy.png.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Noumea.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.properties.src.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_ja.jar.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\youtube.luac.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.api.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Maceio.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\index.html.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_windy.png.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6CDT.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\en-US\Minesweeper.exe.mui.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\vlc.mo.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\common.luac.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libripple_plugin.dll.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\PDIALOG.exe.mui.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\calendar.html.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\QuickTime.mpp.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\helper.exe.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Back-48.png.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm.xml.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\03_lastfm.luac.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar.tmp	30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\30a7e91e4ebce59ba2806a9922dfcef0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
57KB

MD5
9ca71623ab2e962d32b558504f567ffe

SHA1
82df9d51bb2d19094f74a63f6d59d21f67ed1086

SHA256
a8990e1518dc501dfffccfb00667ce5146285877209b4fb1295d6795ee028b83

SHA512
4fe3ab5dc142fd37d5164a215d64654228285b978ea682ec732e63539f293c84db507dda6543da3ba704ffb8cfbe33b02bdf65c82cecaf0f170b41f65bda54e4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
66KB

MD5
7404c7f056ad34d57c979cee83e8f112

SHA1
fcee8642b575b3f5fdb0137c0b8c4a5607a8a24e

SHA256
4dbecaa507ac2c7d3b6cf5cd21d1cb8c3e76ec55d860d3bfac3543b540983489

SHA512
01e82adb8138600df7d0eedfce2163481655fcd11e476a210736008de3f811a8585c01e69cf0fd566caf537433c0a5dbbb61b8dded97701f734966ddb478126a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads