79c317ac6f26fc62ebe2a7b8666f2712d5ac307aa3fa0283aeeec1bd42e6f764

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
11-06-2024 23:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
Size

94KB
MD5

0e3ad3fa44244b258f25bb2ea7f22af0
SHA1

d950d20d1beb4b395a372d7ffb65c923a76d55f9
SHA256

79c317ac6f26fc62ebe2a7b8666f2712d5ac307aa3fa0283aeeec1bd42e6f764
SHA512

49ba7b3e37e60938e1ed9c98be28461ee7eb61a63d624449aa339ba4340b298c111c5c92ee832c1e09c33710404209eafcdf2e8ceb56756f6dd7458deceb319d
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76r/8S/8H:6e7WpP9oVLQthbYY9oVLQthbUv88i8H

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3427) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\COPYING.txt.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multiview.xml.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\accessibility.properties.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_zh_4.4.0.v20140623020002.jar.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Luxembourg.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EET.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ct.sym.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\JNTFiltr.dll.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7.png.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.properties.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\VISSHE.DLL.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\vlc.mo.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Noumea.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Campo_Grande.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Magadan.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.Design.resources.dll.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tet\LC_MESSAGES\vlc.mo.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-modules-profiler_visualvm.jar.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-1.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspeex_resampler_plugin.dll.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libtta_plugin.dll.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad.png.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0e3ad3fa44244b258f25bb2ea7f22af0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
95KB

MD5
bc2cf5e7da00edcae68e4f92a52c4e08

SHA1
f311d3adf8c2fe8853f07a9f371899bfa7639719

SHA256
facd1bfb99ea7ed337aa710be18b303a7083547f54d09294d5fc5fd4cb4b947a

SHA512
ea3e878c692c255c4ab98abd00e65bce8b18e850e4cdf8d79ff757d31dd842ba0aa5d1a62a2a5c0db5036cfb7addb0f7927520f6da9c3b417e1c9e47f64ae3a5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
103KB

MD5
f6952f45acdeaaca6e7337bb0ad220e3

SHA1
38d8b696e8aee011ae46245279d2d80bf012283e

SHA256
985f1209a6e0a01c4944733d32db64fd1615520a124686389f51bcaf0ebc628a

SHA512
ca84d3cbd4654f678a743df337ac6486336e3ea3a14cc423ba252db2f5ebfb16f7826014c0817455db0f8b1b4cc6e1886b099874027e433f1feed3148c2ff636

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads