47871149450625526eaec39bf6a72e72cde531d96ef75c6e104fefcdb2409e34

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
15-06-2024 23:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
Size

44KB
MD5

c31e33ad3209df3336cc48f326d0d5c0
SHA1

70638beed14f7e08f12f41aac5259b840c831c5d
SHA256

47871149450625526eaec39bf6a72e72cde531d96ef75c6e104fefcdb2409e34
SHA512

cbc6ec55b6d476ab8a81f7ebdcf219ae5d140104475393031181c053e1402f5ca46e89275cd8ae82a22b832284200c2a1d85c77ea85f14d78688ae17fc5a69b6
SSDEEP

384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFt1zecDT1zecDY:W7BlpNLpARFbhblkYlkuvIYFWcDYcDY

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3443) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-ui.xml.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_ja.jar.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dubai.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\clock.css.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\currency.js.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\background.png.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.properties.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jp2native.dll.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Caracas.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Madeira.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\vlc.mo.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\perfcore.dll.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.xml.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_zh_CN.jar.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\javafx-iio.dll.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\pack200.exe.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\BlockRepair.mpe.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\or\LC_MESSAGES\vlc.mo.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmlaunch.exe.mui.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\default-browser-agent.exe.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-environment-l1-1-0.dll.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.ds_1.4.200.v20131126-2331.jar.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jabswitch.exe.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\msvcr100.dll.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\More Games\MoreGames.dll.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\vlc.mo.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\slideShow.css.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\EET.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libdeinterlace_plugin.dll.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\setup_wm.exe.mui.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\mpvis.dll.mui.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.properties.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\MAPISHELL.DLL.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.xml.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\js\calendar.js.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\Journal.exe.mui.tmp	c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c31e33ad3209df3336cc48f326d0d5c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
45KB

MD5
ced9a381d18dc9eaa0bc2a1e63ea7640

SHA1
8a0e6474baf3deed28c16607da942b9feb7d30fd

SHA256
72654cb7695b01526f80913a137af86983bc4f5c9b4ceee036adc9996a01ce6c

SHA512
9e4705adce4c249636fc1164eefba39fce8405e73de448d24e1768bf36f236669d644bf9b37d58fef26b50dabd8d2c67fff39a467202d3fd0f8456f515435dfc

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
53KB

MD5
da68dabf64c3e6e071615fbffa2cc940

SHA1
058668893e2bfde638a8529b3642b5bc6ccb9e43

SHA256
03e235b61efc497daf536c8776a0fd425a17ef6da0339495fecff185a6b134fb

SHA512
c65eed4b5ad0341584182867d5cdff52f15254d484aedeb3ef038d4fd2bc43e185811941c0897f45ff6fb7dc327a4820cf591945e6d691c9e12d92c51ab0dfb8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads