d99bc249566cf24f6eb869b23ae2afc3f1d8b1931a7ad3c94f928d39f8290f82

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
01-06-2024 10:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
Size

84KB
MD5

6b1f0357aba421d25cf78a56225adb50
SHA1

d78b2d09ce058fc985db26a9f235688193c70330
SHA256

d99bc249566cf24f6eb869b23ae2afc3f1d8b1931a7ad3c94f928d39f8290f82
SHA512

6369b03f17fc58280c6137d62995964db2aa55e05de2d815418e6e9a8a248fe6e2e3e530b89a6496f725716231b760060f8d1b54f860781c9b57d9fb9f4135bf
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t2rt303hHUsJ:6e7WpP9oVLQthbYY9oVLQthbUrt7t2r2

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3486) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\21.png.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench_1.1.0.v20140512-1820.jar.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-awt.jar.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\sunec.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterRegular.ttf.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Maldives.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\en-US\JNTFiltr.dll.mui.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_ja.jar.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\MSTTSLoc.dll.mui.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Malta.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Rothera.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\JSByteCodeWin.bin.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\deploy.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\rockbox_fm_presets.luac.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_right.png.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Shanghai.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-windows.xml.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_left.png.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Blanc-Sablon.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.ServiceModel.Resources.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\drag.png.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_drop_shadow.png.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\js\settings.js.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\14.png.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-heapdump.xml.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\dnsns.jar.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Metlakatla.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\vlc.mo.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ps_plugin.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\it-IT\msoeres.dll.mui.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\picturePuzzle.js.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-lib-uihandler.xml.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
84KB

MD5
538351dc001f02bb7b7ca8b59cecd384

SHA1
1b3ea2347caa0f0d5c0d2c7a3580b90965bbd45e

SHA256
f7b4d8272c3a88930f143fa9642c370ae16018f75416c901f2425d2622df31bb

SHA512
4bbe9d0e3e26fd03fe88c999329d04cf1bdf5989abe959ab025f15b72238d0d15632750fc01249785d7974492bd083334997d3523d0ed8d1c22bd30eb3cb5e4a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
93KB

MD5
0a10d35892aae23f301ae246146e6487

SHA1
cb27b0b08bc847bbc9f58c3e8e3c1bf70ae72fa9

SHA256
7b26d9135dcf47d68a6db38c702a640be8526497cdb951300c097f46458dbb57

SHA512
bac1c6be7fa40e8d2bef3187c58111b6072f07266cfb2b402eb3f396df5b65ac6d2006d8f843e446333d9d78ab17f3fee77aa1e93b548fc0f544fafa8c3f3750

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads