Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
03-06-2024 12:43
Static task
static1
Behavioral task
behavioral1
Sample
a3d385dc46d545e6c53be1a36e324fc0_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
a3d385dc46d545e6c53be1a36e324fc0_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
-
Target
a3d385dc46d545e6c53be1a36e324fc0_NeikiAnalytics.exe
-
Size
73KB
-
MD5
a3d385dc46d545e6c53be1a36e324fc0
-
SHA1
a9b131246fffde5cbcdc6f2ee44fb8470c85f129
-
SHA256
58b6b98a4ea5b3513adac0726a1cb74a6e25c3730a6f8bbbb9681f0da122812b
-
SHA512
7b2ba22dbc27f511e29268e276806e57f61eff23c409f7d2fd759784948c4f54f0380843946eb3b44a20e90038657b73db085a8deaaf5970abed867a9c0677a1
-
SSDEEP
768:W7Blp9pARFbhQSox/6Sox/ME4JAIAepE4JAIAeuDlmlQPc3f6Pc3f5TGotuMOiJi:W7Z9pApQESOHepOHe8G+6E65TGA3vICU
Malware Config
Signatures
-
Renames multiple (3708) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
Downloads
-
Filesize
73KB
MD5 695f94bdfbfd907f6e5a4fa2181af188
SHA1 f8318ea277c7cdee09792a0e4ebb5a485a0dab6a
SHA256 a0ae23f99d4d0680cd9762956bcd9f22147cf6d886ad93799c4ade58b9ff1876
SHA512 1a1f35879f03724d8c104386376c78212c4b561a00ca961f4b46f288046cd4174e07cd7b3e2e7a6bc4cc546a7432daa530d515f919f8a3aaf712c2def65d411b
-
Filesize
82KB
MD5 07b1c4b3b400cc5e664b5a39e5b4c56e
SHA1 30b8815ec61d0d045f52c25bb3a1b739fd5e886e
SHA256 933fa5ae9b92fb6bc14b90af8de288dcd5be8c8e160128b3cf3016a8f205ca6e
SHA512 3b987ccdac97244e6cc79648c5d54da3d426590aea505b049a33552c5bf3d1c7a8e912624299c885e735cab484819f3c0ccc354a1153271249177684aec4d648