a6ee812e21387830b5cb0c112a3a217339295a8c1238c307db29f2db69616a8c

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-05-2024 00:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
Size

129KB
MD5

4b6c7dd19f6f630166f16d05b86cc0e0
SHA1

216edddc0ec08c6854458a348a3e8e8200b1db40
SHA256

a6ee812e21387830b5cb0c112a3a217339295a8c1238c307db29f2db69616a8c
SHA512

ef1d4283acb7b8eff67f88ad9da7226e5ebde3c70d6c2aeadf9f679f308456e87b29bb7e5e55f66d7a29186a447589db1e8ffa76b29cb9164bd4f1b03e0ea037
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXB85c50KPK9:/7ZQpApUsKiX26Ka4

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3438) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.filetransfer_5.0.0.v20140827-1444.jar.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\ReachFramework.resources.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\it-IT\MpEvMsg.dll.mui.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_zh_CN.jar.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.resources.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_cdg_plugin.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsBase.resources.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_zh_4.4.0.v20140623020002.jar.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libmosaic_plugin.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nipigon.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libskiptags_plugin.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_ja_4.4.0.v20140623020002.jar.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\More Games\fr-FR\MoreGames.dll.mui.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_ja.jar.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Lagos.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\index.html.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libps_plugin.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt_0.11.101.v20140818-1343.jar.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Stanley.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libclone_plugin.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_zh_CN.jar.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-windows.xml.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Cape_Verde.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-templates.jar.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
129KB

MD5
6a281ba8f2293cedde093f397d2cf69a

SHA1
ecf85871e00bd24658ffbcef994b191885e6b675

SHA256
fd43030ec6e463224bda524d7b46fa40f11bbaa1840372725ee3da1b2b6095cc

SHA512
8e548eeb128f83e629bcfa712dc4071d71da9534dd2e8ff203b4fb3f9c2b17a3a3ed7797aca74813b35311200c97db96f43277c9be1d0e70468d409493b30cdd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
138KB

MD5
685cd5082478a81ad37811131c435bdd

SHA1
df433098a7e2b5c7184aaded2f29cacab1524a71

SHA256
1d2878b67b1940be8b7058d06fe9181615eaa4c55ddb27ce9e96fa45c10e91a9

SHA512
abe9e6de48b4e8fc14a318a5491408c855265a17ec8e5b9d9618d0984cfc491c2c3b0914db50751c6605c69c89c2a48d23eac783f4136fe3aebd53bd111e6d89

Download Submit
memory/1904-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1904-620-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads