Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
09/06/2024, 07:33
Behavioral task
behavioral1
Sample
162bf23874d959e41612f1bcf0b1e5a0_NeikiAnalytics.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
162bf23874d959e41612f1bcf0b1e5a0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
162bf23874d959e41612f1bcf0b1e5a0_NeikiAnalytics.exe
-
Size
56KB
-
MD5
162bf23874d959e41612f1bcf0b1e5a0
-
SHA1
fc7ffbacfb67ebad7118dbd8047a93c03bbb80aa
-
SHA256
7043fd6d8cf2a251bca7483ff9fbab41877f424b52e6ccebbc504ad8b998c744
-
SHA512
7ce1b13d4f48f520416b1c47ce21d1d6144fcbb55b933df595fbad54b53e9d08dc787fe322025110387591b68fc8009e4740a6913010ea24886bbfd4c05d0695
-
SSDEEP
1536:CTWn1++PJHJXA/OsIZfzc3/Q8asUsJOLKU:KQSohsUsUKU
Malware Config
Signatures
-
Renames multiple (3671) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
resource yara_rule
behavioral1/memory/2088-0-0x0000000000400000-0x000000000040A000-memory.dmp upx
behavioral1/files/0x000b0000000144ac-2.dat upx
behavioral1/files/0x001c000000010439-6.dat upx
behavioral1/memory/2088-86-0x0000000000400000-0x000000000040A000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
57KB
MD5
0f6e165a706f1748d83e8217a3d2e764
SHA1
028170cdba095868a1f08ed8aa2e8d76fc702d0a
SHA256
19f60aac0ded0f5e17b3f41c26d4d5dea793e8d19b096fc9fd53e3fe4f804246
SHA512
2e403b2269ca0031770d3219243a838e856bb1f22cd8629a9eb393f7b8dfd09f38fe40296ea265a840983af48be3a8bf1903864d07d877e2649dcaafc90d0e9a
-
Filesize
65KB
MD5
08f7caf75c4da5458be2884d8d7733bd
SHA1
5d404d1a5beda0f5400d092822fc9c13dd86ad8f
SHA256
2c436f026e7914cd96ec79663c41e99975144195d207e7806621599cebc2b518
SHA512
9410149574277147cd91676bf54df7b81f59aa115658e5d89ef29fd23669158fef2ba78a415eab2a21875696d5c34eb807c32d56613535ef3669a76cf0cfa20c