99fd1ffe53144e59510fb596609235d7b4313cce405db4b095ec81a2886cd5e7

Analysis

max time kernel
149s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03-06-2024 16:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
Size

32KB
MD5

9e0934dfaaa83d63c36dc15cdab90e30
SHA1

0b982307038216e1c9e032310a88017921963704
SHA256

99fd1ffe53144e59510fb596609235d7b4313cce405db4b095ec81a2886cd5e7
SHA512

1c7219042f4957a530bbb877c0256a2ae9b65e9d8909a7479c0c3723f0336bc8aac4ee1fb71288ddb3356f249ca8743f0dba11e3c5a2b3fb53be729a56c42b55
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNQFyimPimy:W7BlpppARFbhHFp9Z

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1330) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nome.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-14.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Auckland.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\net.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Eucla.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.xml.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Vostok.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Juneau.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\CheckpointReset.tmp.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr.jar.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pontianak.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ust-Nera.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
32KB

MD5
cc8ceff426a07c05a4f32a85849cd3c5

SHA1
592fb5a26ef2475849df70f256a0ac59d874094a

SHA256
d3ed6bd1e92b9b2770a3b0e3538ab1b574100dd948ea084b176d4b97e83c9988

SHA512
f12ed5ea5589ad711017ecdb3d1af48b27ae745c721d512b134505d2f33c698e14a576d27b9d5b01ecd925393b29b2630ac9ea4de0cd4066ea95b62b62eaab1f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
41KB

MD5
c505c7df3bf4090fd490fd4f41a945ef

SHA1
95298d4c80e1100818dc9e2a4b6eefee66b4cb82

SHA256
877eec4315adca41b7276bac36150dc53da6b95ab6d54329f47c7a944acc1d20

SHA512
f8355b7c4a0dac242ccfe4d0d67ac19f4e5db496afd2595af8ea3bdac611acc487ac5127088a23e7d98189ccc6e9fb0f27a6e4f8b2b15f7cb2f44a4afe1dacc3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads