Analysis
max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted
10-06-2024 23:44
Behavioral task
behavioral1
Sample
1f9c3b490cb8a0f02d724b417878b3a0_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1f9c3b490cb8a0f02d724b417878b3a0_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
-
Target
1f9c3b490cb8a0f02d724b417878b3a0_NeikiAnalytics.exe
-
Size
82KB
-
MD5
1f9c3b490cb8a0f02d724b417878b3a0
-
SHA1
aefa7d7cfd0fc2c2a6fc157dffb1a17a3faa6344
-
SHA256
a6e5ba7f9b36176b0916194db829f4fe32b472167f9416c58fecb048cb5a3e25
-
SHA512
c116d2b8e11ca404c6397ac755c4198bf2c18b3dcc4fac30c85621cc225553218c459c4fc6925eeed38eab0a28a52c6507752c6896ca3f642f193c6be78f3d21
-
SSDEEP
1536:a7ZyqaFAlsr1++PJHJXFAIuZAIuXsJtLJtvQP:enaym3AIuZAIuXT
Malware Config
Signatures
-
Renames multiple (3586) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
resource yara_rule
behavioral1/memory/2172-0-0x0000000000400000-0x000000000040B000-memory.dmp upx
behavioral1/files/0x000d0000000153cf-2.dat upx
behavioral1/files/0x00020000000106dd-6.dat upx
behavioral1/memory/2172-654-0x0000000000400000-0x000000000040B000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs
Downloads