3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 07:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
Size

36KB
MD5

a14b275dc8e297d2dc8164ab75b13bc0
SHA1

a38144b98b4d683b8072033b38cf7c329a3a8365
SHA256

3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8
SHA512

375d96a3481a8f7f6958bc8e37bd14183f230afcb9a94cb9ade3113781429c025edf05eaec706fe4786f5d95862fe1d535781e536912a04852cf9cb8bccf2a23
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBN2TQ1nrSLmnsNw/Nwd:W7BlpppARFbhknrSLmsNw/Nwd

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3728) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui_4.0.100.v20140401-0608.jar.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_ja.jar.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_ja.jar.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-execution.xml.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\lgpllibs.dll.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\TestTrace.mht.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\settings.css.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.api.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-api.xml.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kolkata.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\default_thumb.jpg.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\TipBand.dll.mui.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jli.dll.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Metlakatla.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\osclientcerts.dll.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\Microsoft.Ink.dll.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\VideoLAN Website.url.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multiview.xml.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-tools.xml.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Antigua.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Christmas.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\it-IT\Journal.exe.mui.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\highDpiImageSwap.js.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\javafx-iio.dll.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_hover.png.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\16.png.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Gibraltar.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libparam_eq_plugin.dll.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_autodel_plugin.dll.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\MSPVWCTL.DLL.mui.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_windy.png.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdater.cer.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_zh_CN.jar.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Monterrey.tmp	3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

Filesize
36KB

MD5
df2966ce6f8156f8c94edde25112f619

SHA1
672cd57febbb0b230a86959565e185a477c58bdd

SHA256
f2e134ecb125cce94b6b221dd9405d61b29526ca1ee7fb64db180e596cb0c007

SHA512
0e73abf209f3520bf8e4c57a79b1a2bd32a74c75659ba5cad73f4180710ed4f081b777944e32d180fb3a032bb3dbb688d94524d92598520835767ed742f95d5a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
45KB

MD5
2e744ad7ce7a1be38fab6eced2b82972

SHA1
4b540d21a1f5b3274d6ab7c62ccfc220be8978e6

SHA256
80fd3916e85ca4ab9834de8c1a341ad5f99e27c855c7ce819c198068a8dcb440

SHA512
57348882ecda265c0a063ae4721cee0f37a742d96c8135a49342a5f29e1bb184ef287e45abe8149620208bcf8fb4f82d1f37ca0c8acf9c756abaddfb0c04c8dd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads