336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 03:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
Size

91KB
MD5

f077b635a07070b58a6088bfab2e0960
SHA1

2e1f88a397c510a68a3bb24fb21c5b0b4792f7ec
SHA256

336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87
SHA512

69467f134278abdf477b2b9703d15f3e5b388a2be167e8f45ac3d182b19d759536dd65895d1b0d73a3d36afd48307756b4825587ae8bd781601e065fc0e282c3
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/OfxRfxHAu39Au3J:6e7WpMaxeb0CYJ97lEYNR73e+eKZOf7p

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (2937) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jfr.dll.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guam.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_ja.jar.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\d3dcompiler_47.dll.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\OmdProject.dll.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Andorra.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.png.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Windows.Presentation.dll.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-spi-actions.xml.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-awt.xml.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\SpiderSolitaire.exe.mui.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Creston.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui_3.106.0.v20140812-1751.jar.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-actions.jar.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler.jar.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.io_8.1.14.v20131031.jar.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multitabs.xml.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ulaanbaatar.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationCore.resources.dll.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Campo_Grande.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\qipcap64.dll.tmp	336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\336697b398d329aec6f555e22a416b62135595acbf0081cbf0c13b91c81d0c87_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1744

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
Filesize
91KB

MD5
f11c808df745aab78847b7d1dbe0228b

SHA1
ae861aa3f2afbf56fc7a0cdfd3cdbc90107de199

SHA256
8a9941aa8eb04e8f710116a76924c6f2fe66c18981fe3d5e38695de4ac4a58a8

SHA512
9db9b030e22f0a1603189a1f8141e9c5c39cf1099bcd5ff9074c0ec8b1fbaee8ba290d4fed205e1c90b53ff60a4bdd0c190d6835a462a05a901dcbf9c9fbc5d5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
100KB

MD5
11737a746619f8b33d59a852bcccc413

SHA1
b0fd4ef7c1d306240ff1ef6e81f0871924ff82a7

SHA256
dbe1889b837b3bb9d8fb5a5190ae02979bdf472e6c48ead78d850452bd36233a

SHA512
647719d2e37b26ef77455c69c310ae574359fe4388c69c7654f7f3ae693721b6c9d637561c9bfdfb0dd2b266c65b58aa1372aa1525338a657474b3be68437822

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads