0c5b3144a385d4f4fd0eae4d7f8d59849d80c6ae3de082f631ce340fbcd9b12a

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
Size

82KB
MD5

6eaface3d117b58e32e0620d3d459750
SHA1

261ea40dce7024a66346026186e4dfa131aee4f0
SHA256

0c5b3144a385d4f4fd0eae4d7f8d59849d80c6ae3de082f631ce340fbcd9b12a
SHA512

8457e51da6c5a565f126bcebce1ccc153a2219109ff03b5374ca229b334bd99907fe8d2af5522140df1ca292542dddc66232d6b1fd7cd9ea247866f8b30285e5
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76Rb7gz:6e7WpP9oVLQthbYY9oVLQthbUvUgz

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3527) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JdbcOdbc.dll.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\artifacts.xml.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.xml.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application-views.xml.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\vlc.mo.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\SaveGroup.ini.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libpva_plugin.dll.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2iexp.dll.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_zh_CN.jar.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_ja.jar.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_ja.jar.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mauritius.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\calendar.css.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter_partly-cloudy.png.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libsubsdelay_plugin.dll.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\wmlaunch.exe.mui.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmpnscfg.exe.mui.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui_5.5.0.165303.jar.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Fortaleza.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libps_plugin.dll.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libts_plugin.dll.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_few-showers.png.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\adobepdf.xdc.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Volgograd.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\Real.mpp.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\it-IT\Chess.exe.mui.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\jquery.jstree.js.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libscte18_plugin.dll.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\15.png.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\java_crw_demo.dll.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\fr-FR\PurblePlace.exe.mui.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\JNTFiltr.dll.mui.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\settings.js.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\vlc.mo.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.api.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\msvcr100.dll.tmp	6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6eaface3d117b58e32e0620d3d459750_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
83KB

MD5
3210fd9d636ae01b2fe55cee942bea4b

SHA1
027261eb2da65067920568ed56b7aa6d89b22589

SHA256
030ce1e7e7bebfd43553d4fc24faecf4a3c0f610febb50467f11f0701e625ccf

SHA512
6950251cdc53c3e93b0d64178f30eb6de9eae015f02cd05fff91ee6fdf8b038039ea9e2a3021b7ed1b92e794b9b963853870e78995ae75e9228e44f3a0178cf1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
92KB

MD5
1c06230e90c1e9ab4a40a3590b7252d7

SHA1
ca20c5554f8b573880ea1b94ed56292bc48955d4

SHA256
85a26adb8d86601f4a3a4bc955155d0676f12689525229d26a3c76e357471578

SHA512
6bfdb6dae06ecbbaa7f0022dfc0c1505d10332f0b1255f528ae85ec207ac2c11ea1fca3bb5ec8ced93761a22e05ed716068d9f9a85ec93c593017ca8c8f3e7c3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads