31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0

Analysis

max time kernel
150s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 03:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
Size

40KB
MD5

c8fc5f98eb277d58e9f467cb1bb5ba80
SHA1

1db5bcfebd74760ee8896c23821b99e09ef11dcf
SHA256

31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0
SHA512

e4138dfab8710646f798ed21adc776653c548580175b52b5015f92a67c932da714e302ef9429a04ab86a7faf7d306e4f0037392694089fc5a0731e38aab2d964
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBN1qmq4Gqmq4MAAAJOQAAAJOo:W7BlpppARFbhwEnAAJ+AAJJ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3451) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_ja_4.4.0.v20140623020002.jar.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Printing.resources.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Samara.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnoseek_plugin.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnscfg.exe.mui.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.core_2.3.5.v201308161310.jar.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspeex_resampler_plugin.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Niue.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Xml.Linq.Resources.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmplayer.exe.mui.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Metlakatla.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.WorkflowServices.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.jobs_3.6.0.v20140424-0053.jar.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\setup_wm.exe.mui.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.contexts_1.3.100.v20140407-1019.jar.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jaas_nt.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\ktab.exe.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\vlc.mo.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libantiflicker_plugin.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yerevan.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jawt.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2128

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp
Filesize
40KB

MD5
421c6ceb8a08b84c0c5502be247f419a

SHA1
1aeb546153f1c06af66a611f47c0497c74678242

SHA256
483017068f0fe44e49cbdd2cc6522dc9c62d4d81e16a09da9b7a8dc93ebc24a6

SHA512
39b8cd28603d96eb5789b888f9da4ed3722cf6cf6d8ae8fe5a58e70825cc67fb7aa387c299f98a21b5382ff8ba7972fa9a3284b02de633cbe4b3a52c860a1cb1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
49KB

MD5
5e480b2555ec9346c162254b2da15e25

SHA1
416d67251196727370505c5c4fc16ff60ccbd9e5

SHA256
6d1ddf7e508edb3b20ce1d9cb03b9ba164c7790e98b18dab48c8e196851c878e

SHA512
05ea03fa545477255c1b3cf700f4b2832f4432f403cb7a1b182c86bec78dcf87973cd7004e02a4ec1344e70162d95e03304c990a415ae519634af4ee5eb009f9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads