a159341fbf9cd09cee8daf0e5ccdc6e84bcde9e8375456b9dde90756011633a0

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/06/2024, 09:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
Size

37KB
MD5

0329c7f617015261f3b8fdd5c743e810
SHA1

395ab8ed1d2385b771128834a2c09574b0be7d86
SHA256

a159341fbf9cd09cee8daf0e5ccdc6e84bcde9e8375456b9dde90756011633a0
SHA512

1a7e025af71213781c581ffa2e91ed5213244b5a63e1afc6d782f0c803607915cbfe20b60f47768f84bf38f1e8146b72ccf02fd2a84aeea6e81ce50507762b82
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNQFMVywVyO:W7BlpppARFbhHF0yoyO

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3786) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\History.txt.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClientsideProviders.resources.dll.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmpnssci.dll.mui.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\css\slideShow.css.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\weather.css.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-tools.xml.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\it-IT\Minesweeper.exe.mui.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\librtp_plugin.dll.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_mosaic_bridge_plugin.dll.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.inject_1.0.0.v20091030.jar.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnssui.dll.mui.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full_partly-cloudy.png.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director_2.3.100.v20140224-1921.jar.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\amd64\jvm.cfg.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\content-types.properties.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Engine.resources.dll.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_autodel_plugin.dll.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-progress.jar.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\icon.png.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\QuickTime.mpp.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\trash.gif.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MET.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgRes.dll.mui.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\month.png.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jvm.hprof.txt.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sawindbg.dll.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\dnsns.jar.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Phoenix.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.ja_5.5.0.165303.jar.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.access.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_foggy.png.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\view.html.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\fr-FR\MSPVWCTL.DLL.mui.tmp	0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0329c7f617015261f3b8fdd5c743e810_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
37KB

MD5
97291ce971c86201085b7bd821a426bc

SHA1
86b5b51fe1dbbd97ebba75e33ec0285d8edc91bf

SHA256
3a6e328b0a373dd46bedab34c599496616317d923e5fc63126cd17f38db54ed7

SHA512
273238f53361dfaad3cb2cdf0eaa8f5afafa3601f0749f9bb70c75c1f2fecb9855b4020cfd79663299549a38b6d8aed7998bc57e7cbf7c9055b3e21a84feefd9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
46KB

MD5
e96e31853d5bf4fe3243c68eb8329258

SHA1
4314f0ee99e359b8ffba8097ac671098d2e543ed

SHA256
baced775590f8e33f324c581460f8990e63c8c655315ec67c50c119041668d05

SHA512
e73dc27da9b475874d0fcc9afe76bb1c1f0dbef93d70013ff0686bd7eb2820581a803d33179e6bb5a5104f875d5d47a91a21418654867210f27f9bb0794db563

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads