449c17843951243d0ccb1bf5150978d4033d25f14ab996e6eb3c749f2ab0e9fd

Analysis

max time kernel
137s
max time network
121s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
11/06/2024, 03:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
Size

98KB
MD5

2574b2c81b64a65efd7e0fa44a3a34d0
SHA1

8ad8e9763bc48599138b92fb5e14a78ab38bb0bd
SHA256

449c17843951243d0ccb1bf5150978d4033d25f14ab996e6eb3c749f2ab0e9fd
SHA512

8b0c4533151feb6382d4e53ca5c9e3aa3da6bbc6459cb2ef34382a33bdf443d2a2d282b4971997c1c62dcbdb0aa64e47ad3621d5e77db2b67d673ff85d5e431e
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPr:6rWpcOPxPke+e3fFpsJOfFpsJbgEr

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3454) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_basestyle.css.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.dll.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\net.dll.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\PDIALOG.exe.mui.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\ExportPop.ogg.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Chita.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Bissau.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tijuana.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding_1.4.2.v20140729-1044.jar.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_display_plugin.dll.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-loaders.xml.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgRes.dll.mui.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\SuspendEnable.ps1.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\autoconfig.js.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh89.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp_3.6.300.v20140407-1855.jar.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-output2.xml.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\dt_socket.dll.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\NBDoc.DLL.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\DisablePing.vst.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_ja_4.4.0.v20140623020002.jar.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.filetransfer_5.0.0.v20140827-1444.jar.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\vlc.mo.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\vlc.mo.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-oql.xml.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher_1.3.0.v20140911-0143.jar.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-execution.xml.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\it-IT\MsMpRes.dll.mui.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santiago.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.ja_5.5.0.165303.jar.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2574b2c81b64a65efd7e0fa44a3a34d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
98KB

MD5
71e586458ce6dea0790f865957dcb779

SHA1
d240aa78171780e6e1805d0da8c4bbb0cfd68e62

SHA256
33c05971aab12fbdbde146bd366a8e9af93631c5537cebf1139e9d64cf50281d

SHA512
1fc64b5315dc374cb94055b1cf0d295dd4a83766d8e0977f3dc7603a97eb688165f08f73845927f377fed06955375f3fd4c13366067978a003de15d63e16d812

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
107KB

MD5
1c4304417559c033a8fd507dd489d171

SHA1
553655b68038e3b771a7df4f04358549de0af654

SHA256
924afd0fe0e2c366a34f55098d368966292f72118dde33b8d4c118407b3a51da

SHA512
2e6fdcfef20f800bc392c593f1ebf710f6b4c68b7feaa3abbdcc45f5200969d1f113e1404d91665d4a09511ad97b7a64ef6aa644ad96ec57fad7ccdf1f2ead14

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads