b52b1dbc6d08996eaad3d38d1924d2d3884e85492d40bbfa3a733f2cf2bbe408

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/06/2024, 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
Size

43KB
MD5

3114f65e78e0081e8c4eb33634c1b8d0
SHA1

3376200ec1b105bf96087ec57e4fda71f6ca4ff8
SHA256

b52b1dbc6d08996eaad3d38d1924d2d3884e85492d40bbfa3a733f2cf2bbe408
SHA512

d8c3228e9ce28143d655cb52a3e99c35a6572f1a7f39346b36fc9bf16dd3c06ef4efa45b79684c7491ef047f884d3501a5ae2afaaec1f0716f51b9ef65261226
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKr+hZU:W7BlpppARFbhWJy

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3776) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Other-48.png.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmirror_plugin.dll.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\vlc.exe.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\default_thumb.jpg.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\Keywords.HxK.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.xml.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_zh_CN.jar.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\java.security.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Linq.Resources.dll.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\RSSFeeds.js.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\slideShow.html.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\Common.fxh.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro_5.5.0.165303.jar.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_it.properties.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\css\cpu.css.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\search_background.png.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\calendars.properties.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_m.png.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Kerguelen.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.DataSetExtensions.Resources.dll.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Journal.exe.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\hxdsui.dll.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.ds_1.4.200.v20131126-2331.jar.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\vlc.mo.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libaribcam_plugin.dll.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_left.png.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-coredump.jar.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Martinique.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\More Games\es-ES\MoreGames.dll.mui.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.RunTime.Serialization.Resources.dll.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Design.Resources.dll.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\fr-FR\jnwmon.dll.mui.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ACE.dll.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\QuickTime.mpp.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\lgpllibs.dll.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\gadget.xml.tmp	3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3114f65e78e0081e8c4eb33634c1b8d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
43KB

MD5
6d4f3be30148411edb8c2eb7378451c2

SHA1
fc6b126f0675865d2392a6ae6c794159099150a5

SHA256
45aaf154b9fa5d2793e782b9f82b47389b26b017fac770c5456b0b14840a7caf

SHA512
64e143becd49050c1de187d1f2f64eb276f9e650749461fc20a85e8a924401042c97b59c1cc0b5eb3466df8902d954eb64aed8e4eb09bc241f52184bca6c1d86

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
96f61e1eff846d74bbb2784229497dbb

SHA1
7886eda26d3581481d1b7a4ddaa90683dcefffde

SHA256
c32fdc389c47667534a511a10a9e988984516a81f7db80c9d75ae1a28d7e9755

SHA512
722135091653e7b348bcf5693bcc1dd9201ab52211808608003ec6bb3204e9ea28cd2b02e19d3fa1bebcd540f2137ea923af2a4120693acd6c9a10876cdc4896

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads