b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
29-06-2024 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
Size

85KB
MD5

526d083d53f39a2c309ba226a22955a0
SHA1

2bd79f6e40e0410a5fe7277394fb65a16de43374
SHA256

b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862
SHA512

59f042c3d1ee5e21341fb748d3c8d70172a17ec609324b3349c2cd9445188199faba0fb00c4bfe34d739de5c4913f14a46f5a3b6f8c741667bb8040642b53ac6
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t5m0m69YUpCUppXxXTXxXP:6e7WpP9oVLQthbYY9oVLQthbUrt7t5mq

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3452) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\8.png.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\fr-FR\MsMpRes.dll.mui.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-3.png.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-10.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Selectors.Resources.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro_5.5.0.165303.jar.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\update-settings.ini.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\grayStateIcon.png.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Center.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libvpx_plugin.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libstats_plugin.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\6.png.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\localizedStrings.js.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse_2.1.200.v20140512-1650.jar.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_zh_CN.jar.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\PDIALOG.exe.mui.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jawt.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous_partly-cloudy.png.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javaws.policy.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayenne.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\javaw.exe.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\VISSHE.DLL.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\wmlaunch.exe.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-templates.xml.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\vlc.mo.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\css\slideShow.css.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Barbados.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Managua.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\icon.png.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
85KB

MD5
0eb1d9e72cd8147a3a9d82ae6db9a4b2

SHA1
aeb3315ef472191707f3a29cffccc93abb813f09

SHA256
27cdf7a1754e381b8792b9ed9d92db43fc5743dd05238755d5b6990e363b5906

SHA512
63dbcf1bc2c0cd86b05382a4e97b5fea29782fac0135298fd18ccba1f816d73179cb7e0cefdf763c72c77cae36c14497e7bad8455979c7af76453ad4744f5a3b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
94KB

MD5
7661c7fd42aa0575c6de8a4b7e7e177f

SHA1
c5376dc49d6f13e7ace3993809e565cce2e15a70

SHA256
777e8c695f08db905740d5e4ed01d05987c5aafe4350353009d27fa7a2cc2e85

SHA512
3f9d853c32a7c3b3e79cf29a6f9e5f8134feee3caa03c5b36033ade19e9e87fa7b28fbfeebc0b1c3e947a109e00b5dfe2ba0eb488b4a98a429dd4790aa806012

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads