Analysis
-
max time kernel
150s
-
max time network
119s
-
platform
windows7_x64
-
resource
win7-20231129-en
-
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
-
submitted
22-05-2024 22:21
Static task
static1
Behavioral task
behavioral1
Sample
4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
-
Target
4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
-
Size
141KB
-
MD5
4acefa35ddbc07d1b214f53ae52fc7f0
-
SHA1
df0831fc0569daaed9f8353e0d8b9f7ee6c5d938
-
SHA256
ec231f50e08daaefb7e5a85b271e0cb77d1c0384fea163f32614ce67392ec4a3
-
SHA512
89a20801e64ebaf0690ea7bc1b3dbeb34c7b71434beb4a133caa6b7c5af7ea9613a1a43831ab99173ed6dcae78ba198c1c53506bd32e3578ae76b28e273a940b
-
SSDEEP
1536:W7ZQpApjIZNdNnfFpsJOfFpsJ+n1k1jWk1jeOmOX:6QWpkzlfFpsJOfFpsJ+n6jqT0
Malware Config
Signatures
-
Renames multiple (3430) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads