66aaa81093f26337eb7b44ffc5491c544cdff205007cf424920f404ae8894ef8

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 09:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
Size

93KB
MD5

b6d9562364f593d5f8030f7c56da2fa0
SHA1

c8bdc5e9f52c59b3bd801d0cb2755b4fa634e11b
SHA256

66aaa81093f26337eb7b44ffc5491c544cdff205007cf424920f404ae8894ef8
SHA512

683dc0ae716a8b3a503ae315f5cf9333be301e0d56e78b487fe4d5f07ac4580d791e6fe33feb8f8007c6f175b17532d4e51ede61d2f74ac26b3bd8c7912518f0
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKP761wewg:6rWpcOPxPke+e3fFpsJOfFpsJbgEJRg

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3432) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscene_plugin.dll.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\InkSeg.dll.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_zh_CN.jar.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\SpiderSolitaire.exe.mui.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libnetsync_plugin.dll.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtobe.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Blanc-Sablon.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tegucigalpa.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Management.Instrumentation.Resources.dll.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-execution.xml.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jfxmedia.dll.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayenne.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Omsk.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist_jstree.xml.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libchain_plugin.dll.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Brisbane.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatializer_plugin.dll.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libimage_plugin.dll.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Wake.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jdwp.dll.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\vlc.mo.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libsubtitle_plugin.dll.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\sunmscapi.dll.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montevideo.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClient.resources.dll.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_ja.jar.tmp	b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b6d9562364f593d5f8030f7c56da2fa0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
93KB

MD5
5bcd03ee883a78a19056fb29c5600860

SHA1
e42e96077c58a60d08789314bc755a40f70089ff

SHA256
c3a1686a885b334efac36652cce3a82363e1cb350a5b65099c32a95d0497f7c2

SHA512
f22c7b5d60eff1f3aa0f53ad247f5a82cb4373fcba2af30b32adb95532441a499db9dc802ecf88ea3a2fa8275d491cf55f195dc1a2b959e53876c36638a69e98

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
102KB

MD5
604fc383ee4905bb358de3ef26af6260

SHA1
71a459221a98a577ca21af8c1d470d05b1fb30ab

SHA256
b2f6240380c8962911f2ee2456394d44aab95267fd131e4a442e78e373a47ff1

SHA512
f6305fc81e8aec58b19512feba776e8ee9df9ac2ad8b6f26d9be41b75531001dd90a91b4050db2167d7e27f01e7268b7161cd0ab97106c83bd52ed8f51b72880

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads