4dc8e18aeacc258136c03c1abdaee977dff5f4a939479ef9d3b2ef7239bca4ce

Analysis

max time kernel
130s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-06-2024 05:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
Size

97KB
MD5

11ba9a35116e925a4ddb047ebe61dad0
SHA1

1f0cfb06f9046bab00daff2cfbd4385e0d5203e6
SHA256

4dc8e18aeacc258136c03c1abdaee977dff5f4a939479ef9d3b2ef7239bca4ce
SHA512

e9f776523d3f8c5858d1944eecb43ee93eee96655c2f20ef2ed6ebb390f83bb0ce473bab405c4fde34c04576598415d836b6e3e30fb371d8d559f3031136388e
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/DMS:6e7WpMaxeb0CYJ97lEYNR73e+eKZj

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3118) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\hprof-16.png.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guatemala.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_ja.jar.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\de-DE\Minesweeper.exe.mui.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.security_8.1.14.v20131031.jar.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Macau.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Midway.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsftp_plugin.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Stanley.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_zh_4.4.0.v20140623020002.jar.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\ja-JP\Mahjong.exe.mui.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+7.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_ja.jar.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Enderbury.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Casey.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Linq.Resources.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\vlc.mo.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Oral.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\ShvlRes.dll.mui.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\vlc.mo.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\freebl3.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Saipan.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\dt_shmem.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationCore.resources.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\or\LC_MESSAGES\vlc.mo.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Bucharest.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\Chkr.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
97KB

MD5
5e333970fa60f1b816d3ad33a994147b

SHA1
29880f848655002c5893d6ed909629ec6fe44a1c

SHA256
4b8b985dbceede5e4255a745148506d70529f0d5880324627b0234fc1446fdce

SHA512
84f523cb57594ce8e5d0d36cb64d3f466d9ad8012d7c0e1a2a31339a0995719591924fd854046f08dfbc3a18fd303948868f893d2730d5eb39b4aa374fd11c63

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
106KB

MD5
973e9a123caec3143674aee82f9348ed

SHA1
d11985f9996e1c2eecd447aa47d33d465aeff8ae

SHA256
16ff77096497ffd91f78f51e5b9d04ddfac4392100ab0d247427a4b3cc4fe978

SHA512
ad32a9ad2f0a20ac09100d800c6c324ab7a03fd89f45cd04b8796fdbefd546171f16d24f92b6bab0ac33752200c4219df61ceff901dc465692068fafc10ecadd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads