acc2eb3179318071af0084c91c466b8823bd1e1c053ae402d9f0d79861ea3a82

Analysis

max time kernel
150s
max time network
117s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 01:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
Size

140KB
MD5

6fdd6f541d1228810c9775221918c2a0
SHA1

7deb0e174b895102e7c15365b03259ef04f2519a
SHA256

acc2eb3179318071af0084c91c466b8823bd1e1c053ae402d9f0d79861ea3a82
SHA512

917959301cb3f9fe8a9c3b076acdf6abf4db93086baa1c9c5ba9187f12037e77c8f9f1bbcb50e7ea0a86bd446981ac4a9bb2f8eb1aa1cbd933288067bbe4b3b4
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXBvjfMfvjfMMfQsblBOJ:/7ZQpApUsKiXBvzwvzXJvlwJvl/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3369) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans_1.2.200.v20140214-0004.jar.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vienna.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\vlc.mo.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guam.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Wallis.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\it-IT\Mahjong.exe.mui.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cuiaba.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\CloseConvertTo.mpa.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\cursors.properties.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Recife.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_ja.jar.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\freebl3.dll.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Resources.dll.mui.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Amman.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libkaraoke_plugin.dll.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_ja.jar.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santa_Isabel.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Troll.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zaporozhye.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser_5.5.0.165303.jar.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Hermosillo.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_rtp_plugin.dll.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-api.xml.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png.tmp	6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6fdd6f541d1228810c9775221918c2a0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
140KB

MD5
6e47a67c5b6f6b3a2e89dbe40c363fa4

SHA1
7651912437c5c144fb1cdc02e9acd9ec2fe7bdb2

SHA256
1c06797c994f87a4c43a08f5df63903667148db523fa0999b00a451a9c7a52f6

SHA512
ffee4b6480db5799155632263847976860eb52ac16bf0673329d7585a73580ae18fcee6fcbc2f957c110c931cd44bfb91f6e38c98eac7ec6c206fe301ba7e032

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
149KB

MD5
70f3a571db8f31006f072f11351063d1

SHA1
28b5e13c30b74dbb76298836f1cabbfc3c8ada7d

SHA256
039aaf76ceb4d160eac2282faa587992b476dfa0d4dd5089a0ba7589f73e6901

SHA512
bad35c79e67f2a26404d5ba8feaa33e144824b8686e528ac7ed6874c44124612c2ce575ea59140aa466617c3d4cfc0c56e8275474c1a0f61ceb0f84f740ace15

Download Submit
memory/1976-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1976-534-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads