381dac1fd7bf2ec8ef7f22eb50553b06c8faf2efa7b1910095de15580552314d

Resubmissions

01/06/2024, 11:55

240601-n3e8wsce36 9

01/06/2024, 11:53

240601-n2ldhscd95 9

01/06/2024, 11:50

240601-nzzs5acd62 9

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 11:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
Size

95KB
MD5

6a3fa042f98c5e544498061ab114ad00
SHA1

c1993ed23957cb7ccaeab0ca9d8350fc14e417c5
SHA256

381dac1fd7bf2ec8ef7f22eb50553b06c8faf2efa7b1910095de15580552314d
SHA512

13ad88338f4c207374bddd0f227dfa0b9b33596a1f96e0c3143e3840fd2d3d73a1837bbac2ec6b628b0a1f6ae76e54e5c63f94cfd4e170f7c3ce5199cd6eddc7
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/Waa1aar89JAJ4:6e7WpMaxeb0CYJ97lEYNR73e+eKZWaaO

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3441) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\gadget.xml.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_zh_4.4.0.v20140623020002.jar.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiling.xml.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Jamaica.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Design.Resources.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\settings.html.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent_partly-cloudy.png.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_up.png.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleHandler.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\glass.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libshm_plugin.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_right.png.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_ja_4.4.0.v20140623020002.jar.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_ja.jar.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rio_Branco.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdtv_plugin.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPDMC.exe.mui.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\settings.css.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Client.resources.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-core-kit.jar.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Krasnoyarsk.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Shanghai.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\RSSFeeds.html.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\12.png.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\vcruntime140.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EET.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\fr-FR\Chess.exe.mui.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
95KB

MD5
336864b05f4e08404ec8b908d4edd264

SHA1
dd19f2c32eee22d392d9dad2d33550b2edbdeaea

SHA256
9c2283b747a56ed3dec543f75abe7b70d523c506a4506a3f146da603534ad218

SHA512
68b4791f5cb294a023b6c5380ae0c2c7a3c72308ce74b7628f7d33f25069e579e404aa131bdda71f074a3b9a22bdf2c76825d4f01b3ff506c87139d0173d710c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
104KB

MD5
5b8ac01045dfa5643539b21db517f4fb

SHA1
3eeaf182f7308550f9e44636a64e54d6098c0235

SHA256
f42a422eee5a27276c52c917e69f83eea7e3784aa0457ff3eb09b776cb93fb75

SHA512
6bd19eb389f1d63f0f1edf962697fd7af4716da605d9d731348107cc6fee84a74917cd1458aa1db73c96bc44d1d71750638731c86305e502f0e646a388443f44

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads