Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
08/06/2024, 02:26
Behavioral task
behavioral1
Sample
83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
83b4b38ab22285db9c1803f54ef639b0_NeikiAnalytics.exe
-
Size
364KB
-
MD5
83b4b38ab22285db9c1803f54ef639b0
-
SHA1
186eaf9e015ed93f4028cf740167958a1070fb67
-
SHA256
74cb67e969c5abf429bca2093376f64a15d4ce2c6ba8431ccce8bf8b05665cb0
-
SHA512
2f6cd1b7c7049b9c21427412765b5244f04698c4dce8d1e101552923b688d0efd446a5ac036a5cf2f160eb8441aae7c5cd2f04699fc0e2061b14a0cb024fc08b
-
SSDEEP
6144:hfAIuZAIuDMVtM/cdo4Mxdz68XUrdrWnGsTAvfwJY8Gp9WQuZUw0HfX+B5ywHeGn:ZAIuZAIuOVdo4Mxdz68XUdWnGsTefBAJ
Malware Config
Signatures
-
Renames multiple (2708) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
resource yara_rule
behavioral1/memory/1284-0-0x0000000000400000-0x000000000040A000-memory.dmp upx
behavioral1/files/0x000d00000001226c-2.dat upx
behavioral1/files/0x00020000000104db-6.dat upx
behavioral1/memory/1284-74-0x0000000000400000-0x000000000040A000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs
Downloads
-
Filesize
365KB
MD5
932e0073d03a208eb84f626040fdcfff
SHA1
55d701873cca2f4bc6b276aa181b59e3f1186361
SHA256
bea7f1b3cfb43e0e12e0f9a5e14b3db8861d024c4196e98674cda7f1a0f127ad
SHA512
4e5feb230750a8063115f5beed67e0ffb9270bb0b2410cc6c0a5d6f66c7d1ad13560aec669909624cfd1ea2e7aca6b9c870fd99317870b3c18d4917cad5ada42
-
Filesize
373KB
MD5
54d4d7abbdd550f8f4311f1643c4a6f5
SHA1
ed97f768893000f20eb0248db09911687627aef6
SHA256
504c64dbbb9417733424f7c9ac4829ed247c4a36b730968cbe87f850ff79d74e
SHA512
a40327e8efd2727a0299348a281e9831a30bfecce486d6079f286a1ce86d3d951be9cb4c77baaa5fa5f8e08919ffacbdc1944f123f4e6ad7eff9e1d0a9dbf1f5