00a0f3186bb13d871df062119cc4c677c8d3497678de82dd02c15117021a5a1a

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/06/2024, 08:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
Size

43KB
MD5

af31e6b30d817914761ef7f25d19ab00
SHA1

2c589ba979cb663947f80c2cb1d40c97500bf473
SHA256

00a0f3186bb13d871df062119cc4c677c8d3497678de82dd02c15117021a5a1a
SHA512

3002d1f83e13730d419a586ed07ffb1795ea1fe23a1d11528d3fbf8673c9f79c11f1e2a95f2347dda368e68fdb45c4da41250fca119253e65585b2365704ccee
SSDEEP

384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFAHNt:W7BlpNLpARFbhblkYlkuvIYF8t

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3736) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\gadget.xml.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\wlsrvc.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\library.js.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\weather.html.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_zh_CN.jar.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-charts.xml.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_ja.jar.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunec.jar.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Louisville.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libalphamask_plugin.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_ja_4.4.0.v20140623020002.jar.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\PhotoAcq.dll.mui.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\picturePuzzle.html.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\gadget.xml.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jni.h.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chihuahua.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\Shvl.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\vlc.mo.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_udp_plugin.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\DAO\dao360.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\es-ES\FreeCell.exe.mui.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-j2se-1.0.2.jar.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.xml.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\flyout.css.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\PDIALOG.exe.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)greenStateIcon.png.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClientsideProviders.resources.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Xml.Linq.Resources.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe Root Certificate.cer.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.zh_CN_5.5.0.165303.jar.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-output2.xml.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
43KB

MD5
bae20dae5eb0c40ee97d16a689adfb65

SHA1
a1e8c696e530318590934998068e67973ab294f3

SHA256
36b7e2fdec3b5b498907f02479e3e8fd10fade0acb74c1fd99306c4bfb32d30c

SHA512
ae43810e17438bc1a71fc999057efcbf84cdb7c05d882710e3351c0263585cd7a802ee8825084cdfc4877a696ec445c2f3f36f69cb4b2d1e683656c7dbaea314

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
a3c00e202d857eefdbae4d2f06b22aa8

SHA1
aaa7bc20924efba41e32e7035d693b3d565932b4

SHA256
52d4588719124db459255af3c5a29409da213f8a5d64a08e6a19772539994005

SHA512
d1743587c8abac357db14daf4a6cfd2b881a0bccfe2481af0bd519c5c2e93e41d4c586fc271fa0ecc1271023e902688f386f43447e4d45e996a558cacc868fd5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads