f3e88328defd1da0b517fba8ad8d53348c7480dfba47cbf046131740cd347e9e

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 22:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
Size

98KB
MD5

0aac50ef095451095f8e11cfb43e4410
SHA1

b6b6b93074d849c502f79677c77f8f089a9b2c05
SHA256

f3e88328defd1da0b517fba8ad8d53348c7480dfba47cbf046131740cd347e9e
SHA512

000ca5e2b78f0ab9bbbfc1e13d96a5f8ea06919c5c8a876c6cda3c1b76d734d2f397a42aa2a46b1ca0d27aa0eb6126c454bbf936109b9be758d54b8d78a3f4ef
SSDEEP

3072:6rWpcOPxPke+e3fFpsJOfFpsJbgEmPxP7EWzVNOx0ypIzIu73mYdE9d3s9XL7EWi:tFPxPke+eImPxPc

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3470) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgRes.dll.mui.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationCore.resources.dll.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libmosaic_plugin.dll.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\it-IT\MpAsDesc.dll.mui.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_hover.png.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\gadget.xml.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Design.Resources.dll.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\MSPVWCTL.DLL.mui.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.bmp.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\settings.css.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_up.png.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\fr-FR\JNTFiltr.dll.mui.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_few-showers.png.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.SF.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Background_Loading.png.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtau.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Oral.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ndjamena.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Miquelon.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\de-DE\WinMail.exe.mui.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\en-US\Sidebar.exe.mui.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter_partly-cloudy.png.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\ja-JP\Sidebar.exe.mui.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationFramework.resources.dll.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.dll.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Eurosti.TTF.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Kerguelen.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_zh_4.4.0.v20140623020002.jar.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_ja_4.4.0.v20140623020002.jar.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dhaka.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\28.png.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_s.png.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\ucrtbase.dll.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\New_Skins.url.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-desk.png.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_cloudy.png.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sawindbg.dll.tmp	0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0aac50ef095451095f8e11cfb43e4410_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

Filesize
98KB

MD5
c256299b1c3109c14002d385fbe73f3e

SHA1
a8ba59c7d70f550d7c310856591aa1409f545b22

SHA256
43456c5153855fc6933df9725fc68b78b1c2d18e61f31d60b597b84b6cc58e79

SHA512
fc13c4f41757d43a56b0becad4ce20295eda65be75c5fbd14a227e5500266e708f9d7d9162a8c85003186f9cac839a5d95fcfa51bb6dc080c384bcebf8717523

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
107KB

MD5
03a9653a0dd9efc507d3a9cf0abb7b2a

SHA1
788d78b6d7c8e7d422a6fd28dffa683750c69202

SHA256
38835b2f947d7e609136834baf30ae6716ab9e90c34da5fdc021e3710ea30e0b

SHA512
9e93f6c6cd9aa0e9a6eb64dc9880e8f6437d751338d9f59f483081e1602c12b709a003ebd705217a2170687679838f3845bde5b9760cd90bb030c3ac56650a45

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads