23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
25-06-2024 23:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
Size

52KB
MD5

56e677cbadd6cb28fe945d0b7740df20
SHA1

349b466d95a28e485869621387d50c937c757584
SHA256

23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0
SHA512

6298c41057c74380dbc0ff1a4a6b8f71bc67c91dfbc8729550076934b0b89c89c87dd540349ad6335e53a4ccea2c794a33364173f3071085dcc95e44f8629da4
SSDEEP

384:yBs7Br5xjL8AgA71Fbhvhwfziz63rmrLsArA5SJOhArA5SJOZ:/7BlpQpARFbhWGUKvrA5SJfrA5SJo

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3548) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_ja.jar.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\init.js.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_thunderstorm.png.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.Design.resources.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\appletrailers.luac.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\BCSLaunch.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\config.ini.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.zh_CN_5.5.0.165303.jar.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\release.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\MST7MDT.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceAmharic.txt.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-ui.xml.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Scoresbysund.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\F12.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\skins\fonts\FreeSansBold.ttf.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg_sml.png.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-coredump.jar.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libgestures_plugin.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libremoteosd_plugin.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\wmplayer.exe.mui.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\timeZones.js.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Manila.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\ShvlRes.dll.mui.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.xml.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\RSSFeeds.css.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradfun_plugin.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_settings.png.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_zh_CN.jar.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_zh_CN.jar.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\PublishLimit.rtf.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\settings.css.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.registry_1.1.300.v20130402-1529.jar.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-ui.xml.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Engine.resources.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\Vdk10.rst.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vincennes.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.png.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\gui\libqt_plugin.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

Filesize
52KB

MD5
56fde10b6e70e25b5b9cbc061a7dbc9f

SHA1
adc994d8b356d3af254fb3b623152375971f993d

SHA256
879dc0b1cf70b98842053b8e9509c06457c0eb00df40a63aea32f090ae33cce6

SHA512
5fcd9dd39e607ba420000c497268c97e9056612ae6ccd3d24ae874cb16227afba40ec5a7aed0b291ed9c32117d24fd2d8c2cc782618fc28a90232c238e4d0c2f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
61KB

MD5
b3edf51e1e3ad9f6709a87582cd8dd23

SHA1
c973d78c4a42dcce0fc459f7fe4f9565da774d58

SHA256
f60b5bd5512476a8537ee7078e60653ae334c7c4c245ba83f1ad81098e882300

SHA512
872f9b6173f8d7878d695c640055774196e6c4e62f88cfd1a9e5f92380d1c7a34a9597808c2cc2f9bb3fc3dfb18dc1cbc0f7182cb6c0f2c2f55cb09dc5ce6e03

Download Submit
memory/1792-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1792-654-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads