12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
30/06/2024, 00:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
Size

36KB
MD5

6d164d6162589f9a3b068653053c2a30
SHA1

9d9db854a771d9d462bdfc14d6306c3e8ef37344
SHA256

12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b
SHA512

404336de2904c72a4ee2e835c307a120a695101f3dfd1dbf335dce11afea7be0934d02ca12c1f17db307877ffe746c19dfa079410aed5a4192372648e6c18ab8
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBN2TQ1nrSLmnsNw/Nw+w:W7BlpppARFbhknrSLmsNw/Nw+w

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3873) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_down.png.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\keystore\libfile_keystore_plugin.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\fr-FR\msoeres.dll.mui.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-nodes.jar.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-heapdump.xml.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Makassar.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-disable.png.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\picturePuzzle.js.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Chagos.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding_1.4.2.v20140729-1044.jar.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.800.v20140827-1444.jar.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\sound.properties.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-down.png.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ACEINTL.DLL.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application.xml.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\splash.gif.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\vlc.mo.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-first-quarter_partly-cloudy.png.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\clock.css.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_hover.png.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-ui.xml.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\RSSFeeds.html.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\mshwjpnr.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\jnwmon.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\sunec.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEV.DLL.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\luac.luac.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-text.jar.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\telnet.luac.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\gadget.xml.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRdIF.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\DESIGNER\MSADDNDR.DLL.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\vlc.mo.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPSideShowGadget.exe.mui.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmft_plugin.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Stockholm.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_ja.jar.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_ja_4.4.0.v20140623020002.jar.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\30.png.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
36KB

MD5
b35fa4e69b85a425429c02f010fe9e8d

SHA1
fdc76a770fd7bf4b29fff957767f67dcdc4600ab

SHA256
5f90933e253d5fbffb762fb8f229104a605b2868be68685627da65a07ea64ec4

SHA512
5358c859224abb2df2d6fb2fd5646155b411bddb14e0a115bb028a3bc434462ffb578357adfa67d6d6e796a19b265fa64b1b5536d6c3ca9c6aac1340c80c98de

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
45KB

MD5
92f35739332f0e68612ac321df3f70d6

SHA1
03c0addd16da51502b7e4a18a846d738016c8d2e

SHA256
d269f3458c77f03341c2b5d838fd5024866f8f6346ad2e0af9777d87955761f4

SHA512
5c13f35fe95d33bbc8be50abf712c7a4a495e74ca91ebcda093ad4a7ae36d78bf096828cddb3ce87c202822b46727dcea71bfc5fe3a445602f7815f45744130f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads