6f41ee2ccda0b757619d43d409bc9512bb40773de14d36ce9f2c90848b6b6caa

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 15:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
Size

132KB
MD5

ee0a795c89c85af7174991b5459e50e0
SHA1

7bafb673586c51de57ea55dde8cd6116a9ff50a3
SHA256

6f41ee2ccda0b757619d43d409bc9512bb40773de14d36ce9f2c90848b6b6caa
SHA512

c0a8d7473901f6093e86473ee30f64c2ded69c6b514c0cee51097d9babe2f2730151c496948edd38890284a5c0f6f799372aa3dd4ebbb8f1b3bf10bf0471dc21
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXBvjfMfvjfMMfQsblBO6:/7ZQpApUsKiXBvzwvzXJvlwJvlDU

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3257) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\America\Vancouver.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2iexp.dll.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.util_8.1.14.v20131031.jar.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsBase.resources.dll.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Blanc-Sablon.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-io.jar.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawdv_plugin.dll.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui_5.5.0.165303.jar.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.xml.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack.dll.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jsoundds.dll.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui_5.5.0.165303.jar.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_zh_CN.jar.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\SpiderSolitaire.exe.mui.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director_2.3.100.v20140224-1921.jar.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.ini.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_zh_CN.jar.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Regina.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Bermuda.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationCore.resources.dll.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.RunTime.Serialization.Resources.dll.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-keymap.xml.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Samarkand.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_zh_4.4.0.v20140623020002.jar.tmp	ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ee0a795c89c85af7174991b5459e50e0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
132KB

MD5
258bab27a429054521e931472a8d6ec6

SHA1
0106367f18fd1d78bd6bb6b6a1fa0a9968027718

SHA256
45521046c441fba7176f906d926de09fc87745747127c4ef5908aad323542e39

SHA512
4df1c598581f18fa228a74ce192d2f02dc5b684173b5eac76abdabfd62c1b521325022e7df3589b38a644c39002d12367740bea1a06f575f82237f707d23d170

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
141KB

MD5
49573cb2f654a084100b11b5cec085cc

SHA1
89f88476a430ea3b71420236c35ba14e99c29f3c

SHA256
68d0439953334f62c184c9a47e5297d70202cf42dcbffd56e7e4efc0cac02719

SHA512
e1fe458cccff2a20f59393200cf8046ce063bc6d52b59e6034b4057fcd77f859d7420b3029d0a55c2a01615dda12d79cef70c3f65bfda3501b6b0c17446bdbaf

Download Submit
memory/2900-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2900-580-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads