0a8a283664a78a9657102f13c41d5c3f90f3bc84a57d609dfdf4526321a233ad

Analysis

max time kernel
145s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
02-06-2024 06:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
Size

59KB
MD5

474caaaf38e19f9572c1b2d15dbb66d0
SHA1

5544b9219a02be759966e263a9dee65569665ac8
SHA256

0a8a283664a78a9657102f13c41d5c3f90f3bc84a57d609dfdf4526321a233ad
SHA512

f18bdb212bd16be8e10bc5172523bf7cda374dbf149a791e6160ca755e33cec601537b5236787d4eb91f23e58f7d6ffa6c97ae9977e5435a372036506493de4d
SSDEEP

768:W7BlphA7pARFbhvOsTKnKqtSpFCpF0YSiJgUpFpgFi101tlktRN8kgXZOXcvlktN:W7ZhA7pApvOsOKjC0YSilpFpfkJOMs

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3477) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\icecast.luac.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_wasapi_plugin.dll.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libcompressor_plugin.dll.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-coredump.xml.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Hermosillo.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt_0.12.100.v20140530-1436.jar.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\js\calendar.js.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_disabled.png.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_rest.png.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-javahelp.xml.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\mlib_image.dll.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\More Games\de-DE\MoreGames.dll.mui.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack.dll.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\gadget.xml.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Omsk.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libpva_plugin.dll.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libaribcam_plugin.dll.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\settings.css.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hebron.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-api.xml.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Norfolk.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg.png.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsdt.dll.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mahe.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg.png.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-right.png.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\vlc.mo.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MpRTP.dll.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-search.xml.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libremoteosd_plugin.dll.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\slideShow.html.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.oracle.jmc.executable.win32.win32.x86_64_5.5.0.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_ja.jar.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\flyout.html.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\474caaaf38e19f9572c1b2d15dbb66d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
60KB

MD5
7788c56cac4ee26aa769e95835ae1ce4

SHA1
bfe5bf46f0bed57a1709dc98dbd922bcf2e47fcd

SHA256
83355fcdf7db5fccbce07b79e7406b9edb91bb0c4d2a9fd294282ae9c475ed87

SHA512
36e096e59495aebf7ce2a8be80f262fe91a30c41d7e897b860b0739976e5383b309e07159becb63db0541ab8ee101184d18d0a5e3415f8ca60c583407fea80e1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
69KB

MD5
aca737c3965b59b42c5bca2beb03c0e8

SHA1
2650caf807374d756588bfcba7d48024fc6e0117

SHA256
07f46f2ac7652ee090de620c73092bb05caaa78bdb94b78b90d61ebca0a1a389

SHA512
dac5bac0e6237da2f14670e26815f51dff9711ee7776b669e9a44aeb83cc74487d4f47e465ff70add9f07357cfa4dbec9cf043655fd78c5327d069a23dd40512

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads