91c635b6a5f86daad9c8c34cb1d9ba2664b9af7859eb5ef96a58e39d1739665f

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04/06/2024, 11:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
Size

81KB
MD5

6ce105989cee9277afe398df73865180
SHA1

6a155ae3fa9226af7e28e4fc42857ad64cea70db
SHA256

91c635b6a5f86daad9c8c34cb1d9ba2664b9af7859eb5ef96a58e39d1739665f
SHA512

1ddb36a4e997b4e42dcb32558505a176453c5a107ecbfbed6868fd31ee0a68a3bb98fd192603f4b5c5785419ac45a9b0da49930a6729182a04d32c51cf08a8d9
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/HfFpsJOfFpsJJ:6e7WpMaxeb0CYJ97lEYNR73e+eKZHfFc

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3514) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-common.xml.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\libxslt.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\plugins.dat.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\rjmx.jar.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.zh_CN_5.5.0.165303.jar.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\Welcome.html.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\pingsender.exe.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtimecode_plugin.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\OmdProject.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\service.js.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvm.xml.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\SpiderSolitaire.exe.mui.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-execution.xml_hidden.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Hermosillo.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Royale.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_wasapi_plugin.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_record_plugin.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_zh_CN.jar.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnscfg.exe.mui.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_windy.png.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\authplay.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-core.jar.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.css.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qyzylorda.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bogota.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\clock.js.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\library.js.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\5.png.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\core.jar.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_h.png.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspdif_plugin.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\keystore\libfile_keystore_plugin.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-middle.png.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\RSSFeeds.css.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_win7.css.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-coredump.jar.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\css\slideShow.css.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\24.png.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4ADT.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6ce105989cee9277afe398df73865180_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
81KB

MD5
0b53465f3b61fb3a2b789d6df504bfd0

SHA1
4e20f7ade4f9c1e2c53a0d7c6a9967eea56b504b

SHA256
b432d058f891bdfaa0cbeff64a5e075e5edfc9c99527a3bee946aab3302f719b

SHA512
197bcd61d80b1beb45f325b12f3fb47be6f9da582a86afaae7beffa555e74493bc8d1c60112ec8010d837c2cff2f475d77fc7b1018e546f3548d6b2c6c69eaaf

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
90KB

MD5
f2f51a1eb55c04400937f6b88d722e6f

SHA1
7306c3a297725b45c2c8ecb545a725762334095f

SHA256
0afac4530851e2ec5cbfd1f8e08d2be671211694b0dbd79ed09b0500533cc2e0

SHA512
67398f3be9fb1be1e959343f78682eb6dcf1ce4cfe8179330447ce093e41051bc42dc844dad3b4d6f9c72ea06a252be692dc65d6b79740cda37ba51b052f935f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads