4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
24-06-2024 06:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
Size

55KB
MD5

e1f257ba1b004d4d60691ea01d41fa80
SHA1

ee431f54a4de225540e24ea6efb15b6b737eddba
SHA256

4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1
SHA512

2602012e3c5fd34889806fa1f47f9be28170123a2b1a6bf5100d87e57d7b28d8774be9e016a3d378e326b10c8f19f20f4e24c270128ed2037c3d2c5803c0af7b
SSDEEP

768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcC+3mC+3meD4:/7ZQpApze+eJfFpsJOfFpsJ5D4

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3932) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\1033\STOCKS.DAT.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\wmlaunch.exe.mui.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\PPKLite.api.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmlaunch.exe.mui.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\vlc.mo.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\orb.idl.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_ja.jar.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgRes.dll.mui.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-views.xml.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\fr-FR\jnwdui.dll.mui.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.png.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\controllers.js.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\ResumeUnprotect.wmf.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\fr-FR\MsMpRes.dll.mui.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\fr-FR\wordpad.exe.mui.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Linq.Resources.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\core.jar.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_bottom.png.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_ja.jar.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Vostok.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_block_plugin.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\New_Skins.url.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_ja_4.4.0.v20140623020002.jar.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Buenos_Aires.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libsharpen_plugin.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\PICTIM32.FLT.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_left.png.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guatemala.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\smtp.jar.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\JAWTAccessBridge-64.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh87.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_ja_4.4.0.v20140623020002.jar.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_zh_4.4.0.v20140623020002.jar.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\vlc.mo.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\liblogo_plugin.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\daisies.png.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
55KB

MD5
eedb40c762ec37208347e44638356ac0

SHA1
48d2934a260b174409796f8be3266b51fa75d361

SHA256
535b0342447643faa4ab0688c38268355377b242634f65bffee7f35ea757601c

SHA512
f188efab2da8687d5efe6fe3b2d49ec11c438317dfc36315c45b656853cbf64c59c66f015b0cd9146262c96d8abc7d4a561a20a5b44431da668ae8ebf9c8ac4c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
64KB

MD5
e7fc0c8b527797cea9a0a9f9a9a7d046

SHA1
18c9ef64ea1ad51ac53593f0aec2b886fbbfe902

SHA256
f4d932949f91de4783e2e144a0ef96ad4e3fd46459c176c0f5b1ebc2049cb465

SHA512
48d534bfadad4f331f1dc404e5a2c0a9ec5347b229000cd9a2c9d3ea557748cf45cd748be84d6df0a9369f46b34bab03eb9500e42463bca5926901a49bcb42d2

Download Submit
memory/2872-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2872-664-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads