Analysis
max time kernel: 150s
max time network: 128s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 11-06-2024 01:25
Static task: static1
Behavioral task: behavioral1
Sample: 228d68ede681b88ced45a5aa80f9bc70_NeikiAnalytics.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 228d68ede681b88ced45a5aa80f9bc70_NeikiAnalytics.exe
Resource: win10v2004-20240426-en
General
Target: 228d68ede681b88ced45a5aa80f9bc70_NeikiAnalytics.exe
Size: 50KB
MD5: 228d68ede681b88ced45a5aa80f9bc70
SHA1: b63b965e942e3c5a455ae63c62907c749e539452
SHA256: 94aa84f8868c55d951e21781e20850ca58f305b1fc5ac7297bd6e37625066b76
SHA512: dda89ecd913a62add29c4aa787aeedd7bec6bd7fde497009436fac69fa490434a7d70807835ba7fab497b5c501dcbf60cba3db67973fe428c8b4b25aa1e97875
SSDEEP: 768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcH:/7ZQpApze+eJfFpsJOfFpsJq
Malware Config
Signatures
Renames multiple (3739) files with added filename extension
This suggests ransomware activity: encrypting all the files on the system.
Drops file in Program Files directory (64 IoCs)