696f541fcebef1c0f21ac15935ced4921b3d725c57e7e25b4474a14adc4b8106

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
16-06-2024 00:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
Size

99KB
MD5

c8473517e24a271802836cf0f8cd4b90
SHA1

1cff937e681342d7f9eb67e73ba012fcef5b9b24
SHA256

696f541fcebef1c0f21ac15935ced4921b3d725c57e7e25b4474a14adc4b8106
SHA512

0e3b717c86c39260dcfa8c3b653f749e33f32a4b82b08e34f22eeb569ae9f0aacd36e5a1284b1c2455bd0f39e15073343380df1868280d71a5b3901fed608230
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76RbUkeV:6e7WpP9oVLQthbYY9oVLQthbUv1keV

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3429) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\DirectDB.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationProvider.resources.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_dummy_plugin.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-explorer.xml.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_ja.jar.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_dummy_plugin.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\vlc.mo.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libafile_plugin.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_ja_4.4.0.v20140623020002.jar.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Chita.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.zh_CN_5.5.0.165303.jar.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_ja.jar.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libcompressor_plugin.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcc_plugin.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpuzzle_plugin.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup.xml.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\de-DE\Mahjong.exe.mui.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\liblogger_plugin.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\hprof.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jfr.jar.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice.exe.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-4.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.io_8.1.14.v20131031.jar.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Anchorage.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
99KB

MD5
6adf48a8821071d116ee1797b1cf805f

SHA1
c6e010cbf707daecada963e83340a54c4ae38202

SHA256
c28a0a15eaee7a84fcebad4ce64e25b8390ce25c3498616d35e51f6870277654

SHA512
243ff55031d829334ce683983e319753f44eedf331ae2d489f0ea6882a2c6d19ed6a43fc09d27798bdd8dd12eef3b03e0cc89938c258d3e7a01a5772eac7135e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
108KB

MD5
eac7f4b241085604d681c38d552dfd40

SHA1
01da319f06389552163c42b801e684f18819c0da

SHA256
19077f1467942b802e3beca8c0c30b5a15b8cf9bef156930bcc218891b7cfde6

SHA512
3cf8d622cd7c152b7f52e41c9f15f756d88cc857afeb54ea99150371234cce573061d2d841016a5f49af216f5b2a0345efb45d438e006b48e3dd1778fe762f00

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads