Analysis
max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags
arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted
11-06-2024 01:36
Behavioral task
behavioral1
Sample
22cb83a712332d25ac168eb696b34180_NeikiAnalytics.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
22cb83a712332d25ac168eb696b34180_NeikiAnalytics.exe
Resource
win10v2004-20240226-en
General
-
Target
22cb83a712332d25ac168eb696b34180_NeikiAnalytics.exe
-
Size
45KB
-
MD5
22cb83a712332d25ac168eb696b34180
-
SHA1
cbe4ab25778237d8801faa7ad193ecf08ff6bb92
-
SHA256
bb94bee6c6c77e1a727cfda5d02528a049ef1297ccc4aeb3e663fd2026ed7a1f
-
SHA512
2db4b57a0eef2aa07092f3d6a8c16bef670e81d504f06fb83bc9f2d0ee94738c5b89db3055eaaf9ca6f88194eb939eb867e1a6d83d7163b447395949163dbe04
-
SSDEEP
768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFSm:CTWn1++PJHJXA/OsIZfzc3/Q8SNkNT
Malware Config
Signatures
-
Renames multiple (3965) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
resource yara_rule
behavioral1/memory/2172-0-0x0000000000400000-0x000000000040A000-memory.dmp upx
behavioral1/files/0x000b000000012301-2.dat upx
behavioral1/files/0x000200000001048e-6.dat upx
behavioral1/memory/2172-86-0x0000000000400000-0x000000000040A000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs