adea14beab1e408fff17ec1f4b072b393d097bd42fd9cadb6294947165afccaf

Analysis

max time kernel
150s
max time network
117s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
14/06/2024, 08:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
Size

96KB
MD5

b270d4e177a4eee307bca1b0cc401120
SHA1

906c262dc44148aa1979ad95a4bf697526c700b7
SHA256

adea14beab1e408fff17ec1f4b072b393d097bd42fd9cadb6294947165afccaf
SHA512

20161ffb327a426238851e2e7d694e105e35a611bd5f173c2f5dd4afca6505720414e02cf92627f5143489bc1c9f59e7532541ed3af163650b407a8dd9927001
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VXaU:RqKvb0CYJ973e+eKZ0Vd

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3483) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\lua\modules\sandbox.luac.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-text.jar.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-modules-appui.jar.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_m.png.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\cmm\LINEAR_RGB.pf.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belize.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\avtransport.xml.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\locale.ini.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwasapi_plugin.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_hover.png.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santarem.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\es-ES\ImagingDevices.exe.mui.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveAnother.png.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\WMPDMC.exe.mui.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\24.png.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.contexts_1.3.100.v20140407-1019.jar.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\shvlzm.exe.mui.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\en-US\jnwmon.dll.mui.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\vlc.mo.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\WMPDMC.exe.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_settings.png.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_right.png.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-io-ui.xml.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup.xml.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-progress-ui.xml.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\Shvl.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\vlc.mo.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\settings.js.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\11.png.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host.xml.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\chkrzm.exe.mui.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgaussianblur_plugin.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Onix32.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_zh_4.4.0.v20140623020002.jar.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\policytool.exe.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libx26410b_plugin.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
96KB

MD5
7c7bfae8c678f91712ca23712f7e404d

SHA1
6b1c2cf737bd047d3ff333b6fca1e878d6ea1583

SHA256
e3750e6f34c839e43f3a42a5e0904f332b5c02877ad1caaf3ebe83581a0e0e9b

SHA512
14644f154595ec863814fd61ca999ece8d8a6d2e2581091730ce96dfee7b673ca8d9effba5f7060644822aae5539a22065a8400ec8cbd96d7c1286703278a4a7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
105KB

MD5
9fdf387653eda4c5018eb7bda0d76a5c

SHA1
178c1e9c32b7716ba4614ede9948da5591fbe882

SHA256
b0bec1287fa9a1f560783e460b9b0ee68222b9db93f195d78926729c79cb2dee

SHA512
23f1402dbd87b029a184e6170ad669e4368b508e782a3b31dd283ab42b7d65ab43e96c5945cea4212c8aff45e2741eba55e1fed7478a26cb50627bd620e7ef53

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads