23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
Size

57KB
MD5

a17c453f9072547f32c77708cd0aa2f0
SHA1

c604debbbba433b3f918ef15992407473d21b714
SHA256

23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499
SHA512

8011c352f46c0ad6a5758a9941861d1361d0cbf3e1790e2780156482e3c74ec8f9c6b353499629e1c0618587f20dc31cd19554008ebf40506aba0eeb5efaa9bd
SSDEEP

768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcC+3mC+3meDfNJe:/7ZQpApze+eJfFpsJOfFpsJ5De

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3523) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\47.png.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\SpiderSolitaire.exe.mui.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfps_plugin.dll.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl.png.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluHandle.png.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Curacao.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tashkent.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\vlc-48.png.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\40.png.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_rainy.png.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\logo.png.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Amman.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.png.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\jquery.jstree.js.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\WMPMediaSharing.dll.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\PhotoViewer.dll.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Empty.png.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata_5.5.0.165303.jar.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\vlc.mo.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.css.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kiev.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\jaccess.jar.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\vlc.mo.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Marengo.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\java.policy.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\js\settings.js.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Resolute.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\init.js.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler.xml.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\splashscreen.dll.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationCore.resources.dll.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\daisies.png.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libddummy_plugin.dll.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\js\RSSFeeds.js.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_down.png.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring.jar.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-services.xml.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.xml.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\MediaReceiverRegistrar.xml.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h.tmp	23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\23116d8dfc8cffb106be40678e025a221064d14681191ec0718555a059238499_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

Filesize
57KB

MD5
8695eb00d3ceca121131bb00aa623ddf

SHA1
5bae0fe9cee5e8aae85dc4d047dad43f47d3fe17

SHA256
c7ce882c65b1a0ce43e9fc05afc63177d2ff4bd3bcae9cc5d307d5ce579591e1

SHA512
3d620c02f6bc0cedc7d7e25db10b369f7c378e0fd2e660a07c2d98389add2810e142d85517f195577500e33fa7d070104450afa73d880de8bf4a9ee6c5000410

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
66KB

MD5
78164b381c8b3be47114eeb06f8fc337

SHA1
e07e4411895b8a7339c9594a72d91d6af6e5b2bc

SHA256
940c9c028fd67ece6ed18c0b36281cba7545a37380a96b4fefeefded0706d127

SHA512
988adebf18595b7694fe5d7ddb354819bcf6bd8512fdb9831934a34bf8863fa1f74806cdd4079dbd763f9aefda114883210954805cd177bf25696e120d3587c7

Download Submit
memory/2916-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2916-650-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads