6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 08:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
Size

97KB
MD5

18bee2084e59fed8869a772644dedf90
SHA1

3d7bcd8599c7f7931d37117b2d203a44cb53c3df
SHA256

6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a
SHA512

f3317d17e01690fc033d9fff1b101aa37b97c3cea02eb9af13b2ce4426aafdfa2cc0749515dd87cf1642d70cc6ac7d422260ca9e3228679495d6e5c4aa14f2b6
SSDEEP

3072:9QWpze+eO888888888888888888888888888888888888888888888888888888o:Lpe+ekeq1+

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3478) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\ChkrRes.dll.mui.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\sandbox.luac.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\css\clock.css.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\currency.js.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_ja.jar.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightRegular.ttf.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Resolute.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ChkrRes.dll.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\freebl3.dll.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\update-settings.ini.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_foggy.png.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_docked.png.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CST6CDT.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_down.png.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Manila.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libattachment_plugin.dll.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\en-US\PhotoAcq.dll.mui.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_h.png.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\service.js.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\css\slideShow.css.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_snow.png.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_rest.png.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libnormvol_plugin.dll.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\settings.js.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\es-ES\Solitaire.exe.mui.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\es-ES\SpiderSolitaire.exe.mui.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_pressed.png.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgzm.exe.mui.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Speech.resources.dll.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_down.png.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfxrt.jar.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnssui.dll.mui.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\main.css.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.win32.x86_64_1.0.100.v20130327-1442.jar.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d11\libdirect3d11_filters_plugin.dll.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_sml.png.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\picturePuzzle.css.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_cloudy.png.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous.png.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.tmp	6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6ad3281d40cd820eeb87908f433cc51d7b35e107d558fba695175365c28b7d8a_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

Filesize
98KB

MD5
aa72162c7108ae0342144de3414b0c9a

SHA1
1a8c72efa5d0e7046b85d47d4b5a573629b7a205

SHA256
abcf5de337261c77278a7203643edb98b9df5c76f920d75eb768c18d5fd9b271

SHA512
f6b69035c3c5cc2f9e2f68481b52d9af24aa85f70c89f164d623f5dabf31f1a1a6decca9fac0b597cca8c868a244df46415cb698b46cc71132224642b87d0c9c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
106KB

MD5
b2ebc74bf18abdd5b0cb3ac256b6c9cb

SHA1
190f193674d713486c0eae06a47d531e2bfde77c

SHA256
c66a96581149d4e0769be05182cfbb9ceb764bc0576e7d16eadaf5fe4c0c5c50

SHA512
69b1a1e1eb9a20cb78c6412d1cb8a8ee44f9a1daed906701002db17d5dc43c3969fcd44a674c9ee0109b13dabc61183010a6a6bce5b59501e255e0baf59c3c80

Download Submit
memory/2440-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2440-652-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads