de02131c5a5daae715669bcdf18d06d9a95a09f52a06aa48fc5122730b32b8ca

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
04/06/2024, 20:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
Size

93KB
MD5

018b569bcc516d173d61782d2b4a6700
SHA1

3d2473e1ec45c30fed2fe92a32500a694ebf3476
SHA256

de02131c5a5daae715669bcdf18d06d9a95a09f52a06aa48fc5122730b32b8ca
SHA512

a9ffa285b2b84321a941e6fdcc2ffd3750e028119b8e8beb29e852984162e908d3d7dd5ef44c9127d634a3bd5617783f9a1e1d0c26dc81494f58d405c8418245
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7tITcfNrRk7VP2DzpQAP20iS4:6e7WpP9oVLQthbYY9oVLQthbUrt7tITF

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3443) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\it-IT\FreeCell.exe.mui.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Design.Resources.dll.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\JNWDRV.dll.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_zh_CN.jar.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_it.properties.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\en-US\jnwdui.dll.mui.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\npjp2.dll.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_xml.luac.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\cpu.html.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\es-ES\sbdrop.dll.mui.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Design.Resources.dll.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\picturePuzzle.css.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Net.Resources.dll.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\JNTFiltr.dll.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Yellowknife.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\vlc.mo.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_left.png.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\More Games\it-IT\MoreGames.dll.mui.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libntservice_plugin.dll.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\LICENSE.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_ja.jar.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Port_Moresby.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.png.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.xml.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.zh_CN_5.5.0.165303.jar.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_chromecast_plugin.dll.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\5.png.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnssui.dll.mui.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mahe.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\gadget.xml.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\F12Resources.dll.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll.tmp	018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\018b569bcc516d173d61782d2b4a6700_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
93KB

MD5
1065929b2801a18f6045e9c602b636f1

SHA1
730f5a87cce6f873e1045e32a628b6f10bdfca9b

SHA256
71010bb83cf086afb17670636a8b2ecbe180da9020ab6fd8e83ccd8758117b54

SHA512
f0bada860dd925b6673430c930f13b187df858c72455988b197cdfd5e16b86e35f3e8f31efc09f5f2a3b16615ebff7debff0152d5c1e5e6ac7c96dff7a2afa55

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
102KB

MD5
71ead73dc795d8435390db78a12a89ad

SHA1
fdb5eab75bfcc424070b7ea842c457bbdc7eefb1

SHA256
9b4ccb422203a1842d2d9ded42ed391430d9838003399f892bd086f582534891

SHA512
cf3a25b03f33e3792ad0b9d377a4aff808d741f88229099a02f896b1cb1d6a59d129d0a8cc5cc12db0cd23a307905459907df3d504cc828302b8182f6aaf585e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads