e450a7e63d07a6cd03a5ba7c006f4b468318e6311185a2b4f1d421b830098fae

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 00:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
Size

99KB
MD5

6b33af4d98d97f856ce120c2e0d798b0
SHA1

f26485bea23bdf65bd3c7d05fdb5612420948371
SHA256

e450a7e63d07a6cd03a5ba7c006f4b468318e6311185a2b4f1d421b830098fae
SHA512

31aca25f4a004368aab4e0eed884bd9950b97af362d385f3f07f402c62d2e8396305d98edf3ce00129538b7dcdf5a4177ee2b95504da2c4a758344656a0be190
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNzyOoyOllk:6rWpcOPxPke+e3fFpsJOfFpsJbgExEU

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3440) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Denver.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsFormsIntegration.resources.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic_5.5.0.165303.jar.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2iexp.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\vlc.mo.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaddonsvorepository_plugin.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\setup_wm.exe.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baghdad.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationFramework.resources.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\twitch.luac.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmlaunch.exe.mui.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.properties.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsFormsIntegration.resources.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\zipfs.jar.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-dialogs.jar.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\vlc.mo.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Helsinki.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libvisual_plugin.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayenne.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\servertool.exe.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\it-IT\JNTFiltr.dll.mui.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Sydney.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
99KB

MD5
ee0b54fb2eec12cc96259e68d3a24ef4

SHA1
3a88d33e43f6be1c894a45f2337cc09d0547005f

SHA256
ed54097f4d99eb55eb5a1c636197165b52d97c585151b771eecf939f839b3d79

SHA512
2e0c454188af0f49a3380613f54520bc35b86079e4587f9b140a2ff3053e948fa41441e02f238a20b16f17e0dd480809eb2738ff43e2335295c218b56dea46bd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
108KB

MD5
f9df12e9a1e5873fa7fbbc49e10c5f60

SHA1
d33b5334377471872d600b7afbb642331d16d786

SHA256
bee7b6360c10f67c0db8636e14608dece9f3b0e5e04c894179ce661910a8d564

SHA512
d7150d28f78d05cb2fe78a7b781d5ecc3c7e8dcb7f38b2ef0bd53785694cca8cb13598a5e908d9a84b169411f33cb5a6582c549ab164d018b1f2f0bfdd992498

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads