334b3d44b914d625cf66c7d140f450d4e14fe87a03bf6d3510d3d94db55ed6ca

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11/06/2024, 10:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
Size

48KB
MD5

320d9136a12e2e04e94f21612254b7c0
SHA1

9058423fdb2e4e43409d7949fc9b693624b2b285
SHA256

334b3d44b914d625cf66c7d140f450d4e14fe87a03bf6d3510d3d94db55ed6ca
SHA512

d616b422d39ff3fab747219991d373a78a205266d166b2270692f8110c31318c20571b11b020abdddb6f3c8125084a0a82d43bb2c321e1243e81b15b61b5cbce
SSDEEP

768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJc3qQ:/7ZQpApze+eJfFpsJOfFpsJyqQ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3766) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Management.Instrumentation.Resources.dll.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\gadget.xml.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_zh_4.4.0.v20140623020002.jar.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Panama.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.zh_CN_5.5.0.165303.jar.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.smil_1.0.0.v200806040011.jar.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-output2.jar.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jpeg.dll.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hebron.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\Custom.propdesc.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\js\RSSFeeds.js.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.xml.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_ja.jar.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-6.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationFramework.resources.dll.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\ChkrRes.dll.mui.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_222222_256x240.png.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\de-DE\TableTextService.dll.mui.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\cpu.html.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Resources.dll.mui.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-modules.jar.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_display_plugin.dll.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPDMC.exe.mui.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\gadget.xml.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\trash.gif.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Choibalsan.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_block_plugin.dll.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_settings.png.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.SYX.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\hxdsui.dll.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawaud_plugin.dll.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\service.js.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Magadan.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Design.resources.dll.tmp	320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\320d9136a12e2e04e94f21612254b7c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
49KB

MD5
7cda04404e740c98095ca062fb555d19

SHA1
836b036bac4cb0b93dbdd76d118fc3d12da34769

SHA256
3469ac44a8efd3c1091d94435252af5057d3e25f4e922ea119cf228d8574e319

SHA512
e48f46fafd9166773c0d30489742fefc5d7f44cd6ebe327f33312d8c7d7f2f0f685385e0cd46b2d1a692c591aa069c4813aa426c6a6b071652295202dd829fdf

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
58KB

MD5
0f816934c4aa11866ec35d831005a9b6

SHA1
775f09e58833e58de60b682639d124d5dc5ec58e

SHA256
e705c3c97a171ed809a11d2d41ca2e504e739073dfc2a25234183407ef422f50

SHA512
524c9b0a0fb2e9337358b8ec89b5ba33969353e6444349731d1edb180154c2edd77f9051e8230a1f5079476efb3dadb0b8407995733033a981f81e6ab34844bf

Download Submit
memory/2784-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads