Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
28/05/2024, 07:28
Static task
static1
Behavioral task
behavioral1
Sample
38d3c844d10b35f5cb77b90ada3795b0_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
38d3c844d10b35f5cb77b90ada3795b0_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
-
Target
38d3c844d10b35f5cb77b90ada3795b0_NeikiAnalytics.exe
-
Size
43KB
-
MD5
38d3c844d10b35f5cb77b90ada3795b0
-
SHA1
f85239d73319dc11cdc9988df314949cce96c76c
-
SHA256
c4fe5d10656390113bc12e0f52f809db26774f25fd1ca32b8ff06980825a142f
-
SHA512
f822fa4af9dc9717c95707cd6d1acc8b7a384ae05e7cb0aedf500261585337ec0eb07f5e1bcee5d7ca16496fa98fb7ff121a868b8af7afff4b56d8deee376ef8
-
SSDEEP
768:W7BlpNLpARFbhblkYlkrt8PWGoPWGBJ0CJ02asvasg:W7ZNLpApCZrt8PWGoPWGBJ0CJ0d
Malware Config
Signatures
-
Renames multiple (3814) files with added filename extension
This suggests ransomware activity, namely encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
44KB
-
Filesize
53KB