Analysis
max time kernel: 150s
max time network: 127s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 12-06-2024 11:57
Behavioral task: behavioral1
Sample: 38b4f00f272ea45736d31741a3c95450_NeikiAnalytics.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 38b4f00f272ea45736d31741a3c95450_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
General
Target: 38b4f00f272ea45736d31741a3c95450_NeikiAnalytics.exe
Size: 46KB
MD5: 38b4f00f272ea45736d31741a3c95450
SHA1: 6988836cf9d5294ea45790bb9395e36c4a5223cf
SHA256: 215a4bbfd2fca313e53bd09f6a2f8e8da0451b97ebe3bdf822febb69d302b316
SHA512: 4a78058a4b48d5a29e748f34ef15716410d7da2ff637b6e7c6974d5a0927408ab9e768e70d0d28cb5ffead45cf8d02331441558bffc0fe866c7758e38f1e34f7
SSDEEP: 768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzv:CTWn1++PJHJXA/OsIZfzc3/Q8zxV
Malware Config
Signatures
Renames multiple (3745) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
Processes:
resource: behavioral1/memory/1720-0-0x0000000000400000-0x000000000040A000-memory.dmp; yara_rule: upx
resource: C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp; yara_rule: upx
resource: C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp; yara_rule: upx
resource: behavioral1/memory/1720-76-0x0000000000400000-0x000000000040A000-memory.dmp; yara_rule: upx
Drops file in Program Files directory (64 IoCs)
Downloads