3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 07:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
Size

76KB
MD5

56d0f9329bfa8214bcb39e3fa06431e0
SHA1

f8c6f070eb1571e393f04b9280ab6a73e02eeec8
SHA256

3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba
SHA512

9c994ccbacade3eb7428447aa12e944775e5b518c45b1bfa35dc94e0362670f390bb5653510fc928d77872ec31198259f13beb9a51753a97cf6338196ff6a7c4
SSDEEP

1536:/7ZQpApze+eJfFpsJOfFpsJeFrxFrd4NK/Kk:9QWpze+eJfFpsJOfFpsJ0rDrJ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3436) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Melbourne.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\autoconfig.js.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\WMPNSSUI.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\init.js.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.zh_CN_5.5.0.165303.jar.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\cmm\GRAY.pf.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST5EDT.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Net.Resources.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libxa_plugin.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\11.png.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\vlc.exe.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libwave_plugin.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Lagos.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\de-DE\MpEvMsg.dll.mui.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jayapura.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Porto_Velho.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\shvlzm.exe.mui.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\notificationserver.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\settings.js.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-first-quarter_partly-cloudy.png.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_zh_4.4.0.v20140623020002.jar.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\xul.dll.sig.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\js\picturePuzzle.js.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tripoli.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_zh_4.4.0.v20140623020002.jar.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdirectory_demux_plugin.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_m.png.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\wsdetect.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Godthab.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
77KB

MD5
f21473d0a83ef86fb15d608a5a0e26b8

SHA1
9b0b9f5415268130e56948355b5b6dee21722952

SHA256
50295b9fdf2b933c9a7bfddf933e3a165db7342de289938e3bfbf62209c04aac

SHA512
374ef61497ec967245c8d78552d971832d4211a65de078f9dbd5a67d697881890347fba2a305f16719cfbbcf71ffe2ba586e55204535b12318c2e5ff0807a188

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
85KB

MD5
15f2586418eec8eecf60a2cd4d61452e

SHA1
d2a1d73e2d1b6b7ef82caaf43b6248646de25dc9

SHA256
e30d228fc6fea7b512222632329148c5086fa30456c91c094533a2879f121e7d

SHA512
b002711c6ffdaeb780a14b6bba978a8301614841da3ae02a4e2310450993d9291b8bccccc6ba67bbbf9be4f77588625967d486200800a32f136188161d88fbe7

Download Submit
memory/2220-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2220-646-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads