8082aae83e7f75c17faa10758920f9630e9d654ec2fbb7a41b53a2ed597980ba

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 14:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
Size

141KB
MD5

d6788ec7914b17e6dbca2ae73c4433d0
SHA1

099677f3c1e21410c2bd799964de05b555905fbc
SHA256

8082aae83e7f75c17faa10758920f9630e9d654ec2fbb7a41b53a2ed597980ba
SHA512

a2945a52da4e891f9589d50956dd81d1527bae7382d568ba4b04fa4a7c2d7d1950637ba902ba3e1c1ed481650d4fc733e0b88d0b7d3545762b8af91a43a51fc3
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXB85c5cfYfy:/7ZQpApUsKiX26C

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3434) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Juneau.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.Design.resources.dll.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.Design.dll.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.oracle.jmc.executable.win32.win32.x86_64_5.5.0.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Cape_Verde.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.Contract.dll.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\twitch.luac.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\NBDoc.DLL.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-compat.jar.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Srednekolymsk.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnssui.dll.mui.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-fallback.jar.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Management.Instrumentation.dll.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\skins\winamp2.xml.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Andorra.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.bfc.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-applemenu.jar.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\MANIFEST.MF.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_ja_4.4.0.v20140623020002.jar.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\vlc.mo.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.json.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\psfontj2d.properties.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Manaus.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdca_plugin.dll.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jfr.dll.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp	d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d6788ec7914b17e6dbca2ae73c4433d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
141KB

MD5
6e580c6031a6a161f75d8ef0dd9848fa

SHA1
53d75b2c00c8061506404462174d6eea68a62b3c

SHA256
b401fc3f07aa2127d06bad993f30b2d8aeb85dadca84ce649cafb3414b23f9c8

SHA512
d18cb8ed97ff22e59b25f0e2a481ec4a5c608becc64c9e6c34f78f1da7cb03ffdf17b0adc2a23251aa42868a1b62958de5404b06d29102d5021a8a90dc7b02cd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
150KB

MD5
463b7277b49402fa1b2e9a7e06b0cee1

SHA1
9e14c649e08fc28c4a8120ef5cf9f1e7ffef5084

SHA256
e942341472443efdfa79a8741adc6f8bfe460200e4364211e9f734faf4ba076a

SHA512
577d5bda9aac95360f57686553b2db5e4cb0dbfc2f2cb53b4545046f1d22bf52f50fd9feed9da977044d74c1487f83395d566854c3c09de00232d057c6331050

Download Submit
memory/2036-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2036-588-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads