cdf2c97ef808e346b097c7229024af8532fc26f4c0e3aae8aec00645eacc2fa7

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/06/2024, 14:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
Size

46KB
MD5

18fa959d8c4d865adc563159d16f2e30
SHA1

867ebabf40ca90b4916978eed75c27b1325a7e58
SHA256

cdf2c97ef808e346b097c7229024af8532fc26f4c0e3aae8aec00645eacc2fa7
SHA512

d4bde6144fb638ef5d720a9ccf349272bff27352bac8bb7898474bad55c6ef377e5055b3553317b5266a8c9f0e8c18280fd219b7eed656dd8f6c7d7ce15e8122
SSDEEP

384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFt1zecDT1zecD4:W7BlpNLpARFbhblkYlkuvIYFWcDYcD4

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3777) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\settings.js.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\vlc.mo.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_ja.jar.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeUpdater.dll.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\clock.js.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.lnk.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\RenameUnregister.mp3.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\en-US\MSPVWCTL.DLL.mui.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\mpvis.DLL.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mac.css.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Tell_City.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\rmid.exe.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yerevan.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\vlc.mo.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemuxdump_plugin.dll.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\15.png.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiling.xml.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\JP2KLib.dll.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bishkek.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Paris.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-output2.xml.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.json.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd.otf.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-5.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\vlc.mo.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\fr-FR\Hearts.exe.mui.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvnc_plugin.dll.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\micaut.dll.mui.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kwajalein.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.jpg.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\journal.dll.tmp	18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\18fa959d8c4d865adc563159d16f2e30_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

Filesize
46KB

MD5
2366a82cf17fe01fc52b46e2195f1893

SHA1
ee84fc276d62bd4c70379bde617ebe3a0302555f

SHA256
cdc24a8978d15ad008c3e5aa1c7691d3574014dd9c2d6ca0c7f74c2f105fc01f

SHA512
7d82f84fcda8b04ce1793909e2dd5e81c85a4c8cc27d19ad31755030b73fa557772a8226cda82b63bd74a0cc34c9a326932d50d2645f7c3152f311c0e7bf36c7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
a9ac3c71fc9eba63cc9a5c28e474988f

SHA1
00f0927afd4ccdb44403415433d71b4032cde7e3

SHA256
786ef88a90db92d912d48cf6dd90eef47394c33c121df8fcc263af1ccd4d00ab

SHA512
aef4a25e2513066e0c2af09aabbafd1b55cac13571e038b7ec94b4ef62f1642161e637d174d2473f5f4cb17103dde5ecdd1032af0f47ebaa24268916dc1a3484

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads