1996bee7cbc45a3d82bebeb878b8407662fb0253b00a2be4a79bc0d826b552d9

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/06/2024, 08:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
Size

95KB
MD5

072dabfa586171481f1af5bd1d22c440
SHA1

e64ec635d978a5a6171a18d6f8ac25ce26c238cc
SHA256

1996bee7cbc45a3d82bebeb878b8407662fb0253b00a2be4a79bc0d826b552d9
SHA512

594782ce6d00a0b35ae1670c638dd205f020681001974a15c6c6c08e48e02b8ee36c0eef2726a7d254b28692532652f7b297ba38101cd9280e485227547fbb64
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPN5Bc:6rWpcOPxPke+e3fFpsJOfFpsJbgEe

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3475) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_zh_4.4.0.v20140623020002.jar.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\SetMount.xlsx.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Salta.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pago_Pago.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\vlc.mo.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\icon.png.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\prism-d3d.dll.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\management-agent.jar.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\it-IT\JNTFiltr.dll.mui.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous.png.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\SetPop.bmp.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmplayer.exe.mui.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_snow.png.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\vlc.mo.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_m.png.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_On.png.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\gadget.xml.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down_BIDI.png.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\South_Georgia.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8PDT.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffffff_256x240.png.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Costa_Rica.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\css\slideShow.css.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\1.png.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cancun.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host.xml.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_zh_CN.jar.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_rest.png.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Macau.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Xml.Linq.Resources.dll.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libftp_plugin.dll.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liboggspots_plugin.dll.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\picturePuzzle.html.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit.tmp	072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\072dabfa586171481f1af5bd1d22c440_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
96KB

MD5
bc7196a7ba0c9dcb1ecb8b7d52cf682e

SHA1
dc7afb1cdaad894ebce6d9fc37b2c839b0fe809c

SHA256
5902f24d756296b0730f0dc93931c77be0b13c25036ecaf4342a7ea6d44a69a7

SHA512
67df78735956e5a7601f5b0f99d12333870f093e35dcb1ba8c56ff68b7270af2706576f8391cdacc35922c38c525a19dc80164cd95abdc18527f691ffde315c2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
104KB

MD5
181da4b44f35c0917575ed8f28e80c30

SHA1
f6df83398069b10e599c2b7c422bdd949fc9797d

SHA256
d1ee4d1c1c64dea2fe2dc20fe5ba32c7acaa81fb4cb13bdb2bcd561fe46ac3af

SHA512
753f30f692a851b0877b7674a078b305c72d3665fca88305fe7b5ac0a26e4a4138935042525e7a01d7b51c457be4a272d4eed616e717681ab989c22d25d27fd2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads