dc7f3219a20d5742e807f8d6e521e51a6e77e4f152cdeca1f187d8ceb5cb510f

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/06/2024, 22:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
Size

48KB
MD5

0ede7d1549f5dd8efb6b7ff47ae57a50
SHA1

2776d955ac8c3ae8767750eb8384ab1cfc99f1e0
SHA256

dc7f3219a20d5742e807f8d6e521e51a6e77e4f152cdeca1f187d8ceb5cb510f
SHA512

b34c4202943e48d4cd0b1c24dec86fc930645defa3e21485df24d1ffccf9d6de5f7ae79fcb8ded28161beec39d030e84d794fa85e9bc3f3f3b46e16e3e1091ef
SSDEEP

768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcVM3VM3W:/7ZQpApze+eJfFpsJOfFpsJZ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3500) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_rest.png.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_down.png.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_On.png.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_ja.jar.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hovd.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-progress-ui.xml.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-modules-appui.jar.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\vlc.mo.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_h.png.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Chagos.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Engine.resources.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_wav_plugin.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\ShvlRes.dll.mui.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmono_plugin.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system.png.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\init.js.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\More Games\fr-FR\MoreGames.dll.mui.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsBase.resources.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Moscow.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mahe.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\wmprph.exe.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\settings.css.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Martinique.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_ja_4.4.0.v20140623020002.jar.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\desktop.ini.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse_1.1.200.v20140414-0825.jar.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Matamoros.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\setup_wm.exe.mui.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MpClient.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\calendar.css.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\settings.js.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new_partly-cloudy.png.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
48KB

MD5
34e0cd2c8cd31f5eea88d35f3f4de255

SHA1
39b1374543aa23a34ae34d10d1c68438a7008b7a

SHA256
0ef79770c68c3cbe8205086c729c55a0e85ffb222c8b12085aa1ce4cccbb23e7

SHA512
b00260a108d387d5f684ed62ef886103f8812901e759acd4264bca352676a9875bdfdd078d88c949987f3db8dfc2e8812d97274424694a6ba4da66e241dc1ad5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
57KB

MD5
7673f00924cb6784648522abe1c9f06d

SHA1
ac475d0fa6540265eca5f7a1b10e42db8b368822

SHA256
079095b562c59d9d523aa95c74bb96c0df65523478ba8a44cecb6aa3eb84cd29

SHA512
00ad25fc046697976b22eb9d311d9f8761907922dc97b2418cf93c8ab4cb9a0c7be245f4d850f9665539e832f9cb57049e0585f5f0bca3b3187512eff1631ac1

Download Submit
memory/2964-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2964-650-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads