bbdd8266a5ccc735f8a81e9ec4ae2fa026a78fdc8ab0068b627ddcd3eff6a003

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
13-06-2024 10:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
Size

92KB
MD5

755c49c9c276a7331d33e0e39d697d20
SHA1

bb2bed7a8d532e18e4c2d3b0621f02e3ba86cdc4
SHA256

bbdd8266a5ccc735f8a81e9ec4ae2fa026a78fdc8ab0068b627ddcd3eff6a003
SHA512

1ebbe6b297d1205595730e6b1b16b4c5cc8ecaede6ebab5099c045e6a44771d0a8eed09d1bbf136ace41254aad1e2e173f431183c56cb3f9576a804bb140f4c9
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76C:6e7WpP9oVLQthbYY9oVLQthbUvb

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3538) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_bottom.png.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\js\RSSFeeds.js.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Karachi.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\currency.js.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Troll.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-options.jar.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IO.Log.Resources.dll.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_docked.png.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\AUMProduct.aup.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.zh_CN_5.5.0.165303.jar.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_120.jpg.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-api.xml.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Moncton.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_hover.png.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_zh_4.4.0.v20140623020002.jar.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\ssv.dll.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_ja_4.4.0.v20140623020002.jar.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_zh_4.4.0.v20140623020002.jar.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\WMPMediaSharing.dll.mui.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_up.png.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\adobepdf.xdc.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\MANIFEST.MF.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kamchatka.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\vlc.mo.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtwolame_plugin.dll.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\ja-JP\wordpad.exe.mui.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-first-quarter_partly-cloudy.png.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Linq.Resources.dll.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\ja-JP\MpEvMsg.dll.mui.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\en-US\ImagingDevices.exe.mui.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\settings.css.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter.png.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\wmlaunch.exe.mui.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar.tmp	755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\755c49c9c276a7331d33e0e39d697d20_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
93KB

MD5
9d6870a9fe34aee33f9a6d476f3f14a6

SHA1
bfe881d010078343af5da66104a6d18ec4f88be9

SHA256
7e8aac4af303537936d031f2d5edd587406710262db3f0dc61061b51fe0e40d4

SHA512
22a47f3b27d875f76f71143cccadd81dc212b34e8a822d40f8570497fa7ee6b858802b5f1a8bd401f4cb1d72cf378e9a57ada9a50b2a4c511368dc9f486adb42

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
102KB

MD5
a67cb466456afdc7f1533f04cca031eb

SHA1
95a8ed24c13d73f769ec581b8ebb7d3de66dce9f

SHA256
73084c9c085fd668960a33812ce31a15c6e262cf621cb97b115e55cb66836433

SHA512
aefd82ce4c7215724878c879107a7e5454098b8c6110b67ebca49100661c038586e0f5a8cae80f87b3bad193a309a3f676c7eb9a2490290c80c0b7f30a523ce5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads