6f55dbb45fec3349d78ae9b0f5ec5d926bec6222d653c8db84a8523517a44676

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 09:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
Size

92KB
MD5

bd5d80f502bc301b6b2e0a1c94878bc0
SHA1

249683981fa502f88661b8309d854986a19a6598
SHA256

6f55dbb45fec3349d78ae9b0f5ec5d926bec6222d653c8db84a8523517a44676
SHA512

f87615ecd1c34be00d2aba1e14accfef6776dc43f0929654a4e1116268eabb4b93072fbc231635098b2ccf0436e73b01bd3193ebe6c6a84f2d881e4f77ed61b6
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKP76PDn+I+t:6rWpcOPxPke+e3fFpsJOfFpsJbgEODm

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3438) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler.jar.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\javaws.policy.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libremap_plugin.dll.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Juneau.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\New_York.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-loaders.xml.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\cmm\LINEAR_RGB.pf.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider.png.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.password.template.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\17.png.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\greenStateIcon.png.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sao_Paulo.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_WMC_LogoText.png.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new.png.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro_5.5.0.165303.jar.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\MANIFEST.MF.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-windows.jar.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\glow.png.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_rest.png.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\5.png.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextService.dll.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libadjust_plugin.dll.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\NBMapTIP.dll.mui.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_zh_CN.jar.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javafx.properties.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-core.jar.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_m.png.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\currency.js.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\highDpiImageSwap.js.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Karachi.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.DataSetExtensions.Resources.dll.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\jsdebuggeride.dll.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\perf_nt.dll.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Casablanca.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_right.png.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\resources.jar.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\qipcap64.dll.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_zh_4.4.0.v20140623020002.jar.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\de-DE\Chess.exe.mui.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL.tmp	bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\bd5d80f502bc301b6b2e0a1c94878bc0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
93KB

MD5
768837df8c97b8a31dbf32f625a74517

SHA1
e076b4f4bbf7857ae95a28c24bdb81e91d9dcb2b

SHA256
2c14096413d9e027f981e8473b715b9989b4d30984d9699650ed2c919a4176a7

SHA512
58f53b0a1671167e8e7322a0c85c4ad238689a4c4a7fd618d6f0b89a4bded09907a4235ca243123d9065a37a942e567b5d317f77d0e1a7ceed9ee82661c5ed1a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
102KB

MD5
837fb06599eb8fdf28142fd031f54369

SHA1
54f0b2673db7b10992524810d92db7ce5c5f3dd9

SHA256
f3446db6b4a1747e1e2c49c8c182dbf590883ee17c980f3b30a25ae1dbbbf785

SHA512
2e22daba99679d71eec6081e9b7691f0f1ce467415af5097e70e4a1185582384db768c3b75b176c3955b815841a20cc5285744f9ef97755d7e4341ba5962534e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads