fdb2edeb35acc42eafd3951cf4c8575e96ff0e8c5200de2c2c6fdd4f87c59797

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
11/06/2024, 00:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
Size

53KB
MD5

21103031635221dd5f0620ee7f890c20
SHA1

af44de2fc796e1092479d51779cd15134fd66a4e
SHA256

fdb2edeb35acc42eafd3951cf4c8575e96ff0e8c5200de2c2c6fdd4f87c59797
SHA512

8109ddee52c0b8c061817fd6671c5ff28e57bf00852c08f82dc37b9919fc318c7af421762aa9726adb817957cbffec1e6195b123a8161de64df0e9d4a455034e
SSDEEP

768:/7BlpQpARFbhIYJIJDYJIJxfFpsJcEKLF/MF/Z:/7ZQpApze+ejfFpsJPKZ2R

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3742) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belem.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_zh_4.4.0.v20140623020002.jar.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\firefox.cfg.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IO.Log.Resources.dll.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-tools.jar.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\access-bridge-64.jar.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Thule.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_http_plugin.dll.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Empty.png.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.800.v20140827-1444.jar.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\updater.exe.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\flyout.css.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked-loading.png.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Search5.api.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-fallback.xml.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\modules\httprequests.luac.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\en-US\JNTFiltr.dll.mui.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPDMC.exe.mui.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_m.png.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libflaschen_plugin.dll.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_left.png.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\WindowsMedia.mpp.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\hxdsui.dll.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Regina.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\vlc.mo.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseout.png.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\dt_shmem.dll.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Syowa.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnetwk.exe.mui.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\wmpnscfg.exe.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\gadget.xml.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\settings.js.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_ja_4.4.0.v20140623020002.jar.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\dt_socket.dll.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\psfontj2d.properties.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\flyoutBack.png.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\open_original_form.gif.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-nodes.xml.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp	21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\21103031635221dd5f0620ee7f890c20_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
53KB

MD5
8d357b14355b4d5712d20149c420d0d8

SHA1
d58cf768223d3346f59de3ee6b5c6345134a20c3

SHA256
fc5e52c96f95a9e0d69427d2cf3a89bb66e2d1f208a8fcba946d5598d9c81d6f

SHA512
eff2c74f6bc7fe2625797e1d205a55ccf615d20b28c93aaf222c7d7741da3ab17016061d7e736fae854535059f5de211dcc976c8a08aae033eaa3b403dc80205

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
62KB

MD5
28adc6d3b79c1fbcc3aabb81c4f71705

SHA1
ba83bd4583792bc7cb2baeca32fe7ef7a37008fd

SHA256
548a7aa99a6e0f45de03d5ea79eb3ccb4eb1c2189798fa8d3af95c40c2f54ea3

SHA512
5f6d179a214816e5d20fd3b3cb7a031f6fc1e4dfb7ddb0ed13e17dab5acec811c2928d4ee5a137905829bb5166888625d4fc1619baed6d24e6a63315d1c8b7dd

Download Submit
memory/2180-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2180-656-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads