8a5e6b6cf9841134e4360b7b04b952a83c75ca85c69c470e305b4ca3a2157336

Analysis

max time kernel
148s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
05-06-2024 01:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
Size

41KB
MD5

24d1ecf57039b9775e1def28d9d8fa20
SHA1

11dc355c673c53e887a5b0d71516f4d48dbec175
SHA256

8a5e6b6cf9841134e4360b7b04b952a83c75ca85c69c470e305b4ca3a2157336
SHA512

9879e52abc34868b86ed15d2d65a5ea8901a985327aa479a97ed626293a3319075501e530865d1e652e704482ba4c2fc2e91b0c5cc3cd0a0af42a05e7e772e59
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKro:W7BlpppARFbhWJ9

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3742) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-visual.jar.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\cmm\GRAY.pf.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_few-showers.png.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Manaus.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmod_plugin.dll.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\PDIALOG.exe.mui.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\fr-FR\Sidebar.exe.mui.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\currency.js.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.properties.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Net.Resources.dll.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\LICENSE.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\twitch.luac.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\MSPVWCTL.DLL.mui.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg_sml.png.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\settings.css.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\La_Paz.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_xml.luac.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmpnetwk.exe.mui.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Troll.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_ja.jar.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jli.dll.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Havana.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UCT.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\ReachFramework.resources.dll.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_s.png.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\settings.js.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AXE8SharedExpat.dll.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawdv_plugin.dll.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_record_plugin.dll.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_disabled.png.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\MSOINTL.DLL.IDX_DLL.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Lagos.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cancun.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\Custom.propdesc.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\vlc.mo.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\settings.html.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter.png.tmp	24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\24d1ecf57039b9775e1def28d9d8fa20_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
42KB

MD5
fa5efd32660be3e1b646db7394ae74d3

SHA1
0760e3325556dd9c767c95b38c56c19be10cc721

SHA256
129be10d84b60c0001a8e0a7a7eb72b7efd21e32aab0ff1ee6fb7042b4b84e80

SHA512
b49a3e65135cf8db4ec9827a8466b8d627823b81d5f9dcbdc73e1bb5df49668f3b4b6e221778d3ee4a79fa42903ce1b61b1c47d3b744fd962990aab66a892f4b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
51KB

MD5
7219a3b71256bffd090f8eef8cc696d6

SHA1
a971c340458e2d9f951d381490163c7d95a920a1

SHA256
7546f863fae4497ab0365ab3cd66a3bcb8720c7b8dfd2d173f49c9d27256250d

SHA512
7c01c5df3b97c40e7abfe17f1e95c912cba640e980ae07dfcb108f540d44d05947af19d4e9bb3d68a4db6ca4ae92d585207be836400acdad56fb8aa1db92e961

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads