129d8485fd84293f75e7368183c499784e75ac64cd4a081ce9e11a212112a970

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
15/06/2024, 23:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
Size

76KB
MD5

c24171360cde9d52aa48689cc5c20070
SHA1

2320d9eaba1d8ad7211d8ea2a1a0803d8f172f2c
SHA256

129d8485fd84293f75e7368183c499784e75ac64cd4a081ce9e11a212112a970
SHA512

a30dbb33b9031f1dc54419bda285f8aa90dc49499b627a3ba695fbfe90c9acf5c8dd0a52a46ba78a8f64a650ec32505fd41f9aee9a048cff15feaf584eaa9788
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJPwF9hHMZIa9hHa:W7ZDpApYbWjIlE77ufL2e+efZwZ2fYV

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3426) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_zh_CN.jar.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Chagos.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClientsideProviders.resources.dll.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\fr-FR\PurblePlace.exe.mui.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\README.txt.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_chromecast_plugin.dll.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macGrey.png.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_ja.jar.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\fr-FR\Mahjong.exe.mui.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsdl_image_plugin.dll.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf_3.4.0.v20140827-1444.jar.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zaporozhye.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Copenhagen.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jfr\default.jfc.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Pyongyang.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tahiti.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\vlc.mo.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.ja_5.5.0.165303.jar.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation_1.2.100.v20131119-0908.jar.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Johannesburg.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblendbench_plugin.dll.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hebron.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.descriptorProvider.exsd.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfps_plugin.dll.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.tmp	c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c24171360cde9d52aa48689cc5c20070_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
77KB

MD5
6c4e36b61866095c74b2daec2beac7d1

SHA1
be6fc8f4305dd9344f40702b715ba8300b90ea8b

SHA256
7749c7d35f3a108dcba936046d4f864750d5a0e03ab1c6da207034f59f9d1919

SHA512
a32184b891b7f9357fff63aca63a0afb564cf12e1fa7ffed5dac65489782e4090c4e5d0a5b2d25e5db0335c46c1ddaa0f7536e3c7a723bbe7289393241ab7a93

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
86KB

MD5
be4cfd62c463d8708a261d7a1c30d7d3

SHA1
78ff2bf11bce6e1ed870013187f2041ef2f87253

SHA256
3054596835942b96116decd5b0940dbefc538532a4cccedda1c04389da3f24d7

SHA512
92c59602e1e84e4d6f2a78a23c70ae1f339d4e0da548ad92414ef0ef0de780c4db568c7e17ea47c2678b7c80bc46469481269a37a4e5132f29308470afe97d22

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads