Analysis
- max time kernel: 149s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 02/06/2024, 00:52
Behavioral task: behavioral1
- Sample: 16d3aaf8c4dd2cf52b58b23843b11980_NeikiAnalytics.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 16d3aaf8c4dd2cf52b58b23843b11980_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
General
- Target: 16d3aaf8c4dd2cf52b58b23843b11980_NeikiAnalytics.exe
- Size: 118KB
- MD5: 16d3aaf8c4dd2cf52b58b23843b11980
- SHA1: 9e921ee6fbace34391a5fb95889b3a938ab19caf
- SHA256: c1ca2383439b982a263918a75afe704e430864459854b05f6f31f3989d4641ca
- SHA512: 2aa7af6bc4f6e5e4b3813ace1f58645207ed2887882555335b164019d713d3ee2de37ecceb411ed0e139a612508f67df15f790cb9d9661fb1c64f5ebf6350e9b
- SSDEEP: 1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfli4:hfAIuZAIuYSMjoqtMHfhflixit
Malware Config
Signatures
- Renames multiple (3151) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- resource / yara_rule
  behavioral1/memory/1688-0-0x0000000000400000-0x000000000040A000-memory.dmp / upx
  behavioral1/files/0x000d000000012334-2.dat / upx
  behavioral1/files/0x000200000001048b-6.dat / upx
  behavioral1/memory/1688-74-0x0000000000400000-0x000000000040A000-memory.dmp / upx
Drops file in Program Files directory 64 IoCs
Downloads
- Filesize: 118KB
  MD5: 443bb19371cfbcedec2b6f338399cabd
  SHA1: 389c576b4665200219e062d7c393fa12c4652ea4
  SHA256: 34070ba0cf95d123be1952629e5ab0947835f87d2f5d726bb8da222b427c6544
  SHA512: b4df57a98aa434d842ebe016bf430553cd15dae43952c4fd17482b30695de395506424ab4a7b2d8e7ca2a905c7dd640113c1e336e6b41c09310a9ae53e53b018
- Filesize: 127KB
  MD5: bf2168f56c5f25302c7e7cbfccbe40e0
  SHA1: 192dc44376707d652d5fb6d2c51b56f588039bf3
  SHA256: c071c4c157bab685530c943181df278ca19566bf5e7275626a0ee71adc238952
  SHA512: ed485e165897bade2cc2675b460692636c06727c085aa88b640311d130898c0e4bf86024a784e2f40a0a4814a5a034a352b471e3a62cdec7dc01cbfaa7f23847