437213bda705cd00f080f4d463846a9c6c3164be42a5cb56f168146ab1db307e

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
07/06/2024, 03:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
Size

94KB
MD5

34be951308c66899f4184f8035a1c370
SHA1

24622ef8d02ef938f63cb1e8f8983119c24c31b9
SHA256

437213bda705cd00f080f4d463846a9c6c3164be42a5cb56f168146ab1db307e
SHA512

9a4c4783915ce24b6aabb45219f2a0b88537e5893bf55193246853c8e395a84fc30ad46bc27f4b47fa06fa94e0812d37347d58400df435115afe91ac20f0b86d
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPN0U6PG0PGU:6rWpcOPxPke+e3fFpsJOfFpsJbgEmPxX

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3517) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_ja.jar.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\cmm\LINEAR_RGB.pf.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Monrovia.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\grayStateIcon.png.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-settings.jar.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_ja.jar.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libadf_plugin.dll.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_left.png.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MSASCui.exe.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-heapdump.xml.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_zh_CN.jar.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\it-IT\Solitaire.exe.mui.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\gadget.xml.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-desk.png.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse_2.1.200.v20140512-1650.jar.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cayman.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\00_musicbrainz.luac.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\setup_wm.exe.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\es-ES\Sidebar.exe.mui.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\WindowsAccessBridge-64.dll.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mousedown.png.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\weather.css.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous.png.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_snow.png.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libmarq_plugin.dll.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmagnify_plugin.dll.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guatemala.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\it-IT\PDIALOG.exe.mui.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationProvider.resources.dll.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Resources.dll.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcc_plugin.dll.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libcaca_plugin.dll.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\en-US\ImagingDevices.exe.mui.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\bg_sidebar.png.tmp	34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\34be951308c66899f4184f8035a1c370_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
94KB

MD5
bd30c9ca2398623070b462e31ba06cc7

SHA1
67de9acc0d0468c13fb7950426b2dbba2b9a3c19

SHA256
b5bc0bc9f606f5a5bbc7a3929d7055c8e50b64f1dbc676a264032ffcc5abf007

SHA512
1ae8bc39c51cd4c0580ebbe716d63fbb903537c212875b4e96412c0b73018080f8a31653d050557c1e0b1cdbe85ce67991d70bafa68771e5481b684898ad8c12

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
103KB

MD5
6cd4327a559b28423d8738049772fbb6

SHA1
0d6ec3d534046b6058bcbd75f856d16e7d339389

SHA256
b411cc98c045d05bec38f1dd5056d74bcabb5b26b7a9f55ca22ea444044b72d1

SHA512
40a4b67e6cf175659ebef46a01c1b5a6f19d7adf7879732c712ae81abdaf6911fa186167c78d9f833aac35a080e8ae03bd428537e3ad13a675cc1f2056dbb142

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads