Analysis
max time kernel: 150s
max time network: 119s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 03-06-2024 12:00
Static task: static1
Behavioral task: behavioral1
Sample: a2ac1c35562275115fb861d1d9852ae0_NeikiAnalytics.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: a2ac1c35562275115fb861d1d9852ae0_NeikiAnalytics.exe
Resource: win10v2004-20240426-en
General
Target: a2ac1c35562275115fb861d1d9852ae0_NeikiAnalytics.exe
Size: 88KB
MD5: a2ac1c35562275115fb861d1d9852ae0
SHA1: 7fa7528abeb113fca63f7a59348200ab8f46bed0
SHA256: 9d140bf3eec66dc0b4e966c0522f37297d498c6ff7ebd8df146ce8bd48c42888
SHA512: 3105a064e721a5742ace03b1493b137aafdabb41ec703f9c771fa4617d20aff35ebad290c0be5ef53bc920a7f5a67b29660bd861ae6e39d72b915e0bdb09625a
SSDEEP: 1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/Q:6e7WpMaxeb0CYJ97lEYNR73e+eKZQ
Malware Config
Signatures
Renames multiple (3209) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
Drops file in Program Files directory (64 IoCs)