6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 09:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
Size

85KB
MD5

3c9868d648a2a6eba861504d8f663d00
SHA1

210978a82897863fb3ea4c9ef1e6f126fc6924cb
SHA256

6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa
SHA512

e5376a740449677dfdd11eef3b13b0b9ce60bb94978c085f980ded145d9991805c496835bb9152e0a1fd7a2c763af21608a72e9192e8bf4ff99f3b1b388af2d2
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/Wys:6e7WpMaxeb0CYJ97lEYNR73e+eKZy

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3456) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Audio-48.png.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libh26x_plugin.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.lnk.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Engine.resources.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\ResolveDebug.ps1xml.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_left.png.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Resources.dll.mui.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\BHOINTL.DLL.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jayapura.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\verify.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterRegular.ttf.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.jpg.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_rest.png.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\Chkr.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_right.png.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\updater.ini.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.Design.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.png.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\clock.js.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\modules\host.luac.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\wabmig.exe.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\calendar.html.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Almaty.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\24.png.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\4.png.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.expressions_3.4.600.v20140128-0851.jar.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\cpu.html.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vienna.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
85KB

MD5
8e851759af8aeb6cd245633421f06c9d

SHA1
3de7206756e53946e8ffcfd14003356f9a2a7070

SHA256
458e4c0b2737a6a1466521a6d54a618e653498d13a44629d8221901cd444e42a

SHA512
5eff58d77324bf8aa80b6af7a217c106e7e6bc4f9287fa468cadf5c02702f977bb0530a5a72dbdc22b819e8206d12951662c3ebe6ddad87d44933a3ba4408ba3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
94KB

MD5
b28c1df9ab025d800e63ac88ddce46bb

SHA1
3785e8854a5aacb628013d05467d29c0e0c7dca4

SHA256
f747833976616701328ff4f59a849feafc2fa470eb956dbbee5ec7bd3a470a4f

SHA512
69d6d10a9e387f25708e7532b9b1a41e431c1565dc8303ef705a37a582a9b6125ef60ea20c5b92e7afe3c382d19ce4e42a9ad45c70ca26305a476d7335b2fadd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads