6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-06-2024 08:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
Size

90KB
MD5

bfc2e9b38b1e84ccde167465137fca40
SHA1

a0ca90579b6b90d924e4d55f9abafadd9d3a66de
SHA256

6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22
SHA512

b969f2c623afed9ca825e24672d85cd1b93c368b37dead0f22658f81ff8461a7c5fe3eb7b68f01bbdbef89ddf95211bd1fb5148e0f16c66dc0e97f06f08ad1af
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/OfxRfxHAu39Au3pyDxsyDxZ:6e7WpMaxeb0CYJ97lEYNR73e+eKZOf7s

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3460) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\dnsns.jar.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-snaptracer.jar.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libinvert_plugin.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\WMPSideShowGadget.exe.mui.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\epl-v10.html.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.io_8.1.14.v20131031.jar.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.contenttype_3.4.200.v20140207-1251.jar.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_ja_4.4.0.v20140623020002.jar.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\libxslt.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Resources.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_up.png.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\3.png.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ckb\LC_MESSAGES\vlc.mo.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\liberase_plugin.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libvhs_plugin.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\settings.js.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Monticello.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-windows.xml.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs-nio2.xml.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmlaunch.exe.mui.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\modules\httprequests.luac.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.WorkflowServices.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cambridge_Bay.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPDMCCore.dll.mui.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\settings.js.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\gadget.xml.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libstats_plugin.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_over.png.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnsv_plugin.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\gadget.xml.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\smtp.jar.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UTC.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_livehttp_plugin.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
90KB

MD5
d6279773b2b9123a324a8f57978509c2

SHA1
03fb58be0076ca7152388da15a3845eaed8d6542

SHA256
e647a46dd68143b822bd5968203e3ce2e1fc458bc8002af420b19e4318928926

SHA512
fd666dffce874f1cd20de63a2fc3a060f5bd301a0a94ebb9f00a9d30dcd07720ab9bb7340f9de54ac14f2f7a3b6e034b47da83725017eaab70c37cc63683863d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
99KB

MD5
e49e8ad272758899f3a65217c70a25d8

SHA1
0f06cd3fc8e0339368dc5c2395a9bd19c1a38527

SHA256
d53bf46208facc5d57c533f6c63f5c89182b166ff818030da22770c53829fd21

SHA512
86369873fa2a2ae640bfe2cacb3edcdc4d291ee7d9ed5f32bed537b142f036a6833f452f68382ce42892f88ec4ad016f44128cdb8f5e96f7ca80ff7831f53451

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads