Analysis
- max time kernel: 149s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 12-06-2024 11:58

Static task: static1
Behavioral task: behavioral1
  Sample: 38d05949a223256e15c434db01a99820_NeikiAnalytics.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 38d05949a223256e15c434db01a99820_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
- Target: 38d05949a223256e15c434db01a99820_NeikiAnalytics.exe
- Size: 373KB
- MD5: 38d05949a223256e15c434db01a99820
- SHA1: 27d7bff726d023e7b42c3cd72c728b3fb78ee6a5
- SHA256: d09ed05fa388078054dcbe95e5ab2848c6cd2150f102c001733cfb8144138a13
- SHA512: e12d20492c5002eedad0571b8d012df490e604617daf0b5ed64ac9031f5a56ef1de10e0ec94f35253bf343f6671d9ea0522e84dde28c881efa6dbd29004646c4
- SSDEEP: 6144:tFPxPke+eIr9RUxfKIuqBcKxNWdp+bkrdHs1lpaSL4vtFVHPyvewDpgsV:3PxPir9RyiIuGcKbpaSL4vtFVHPyvewd
Malware Config
Signatures
- Renames multiple (2689) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
Downloads
- Filesize: 373KB
  MD5: b2306e172c650ffdf83d10221a94c850
  SHA1: 925af3ece902e25572973ec0709f7743b01e88c7
  SHA256: 8fc333e837f4a9527a6ebdc44b4d36315945187b999dfd0e95b24f6843e93d1a
  SHA512: 3314e249f3acef09a4c468878665b0f752f10f61a7e6269519e4771b20c42d390cab730ea0460c2bb1f48409fbcff3984a523576015a01b1b7afdf81442fe087
- Filesize: 382KB
  MD5: 81b00b3c36f7fb75eedeece92beaff86
  SHA1: 279161be603fa793a58dfcb44564bec8c736bf84
  SHA256: 03e7a7dd76327e8ffe54b272e1f2301c90cfcf3a5a7315f126e7fd84fce950b8
  SHA512: 68e9af34ed912304308c2c0cba4b2f807405b391500494803a9dc7e93aa89d6b48566c20e8bf8d8d1d5c9efa1b67e526478b8c568bf1b472bd8e6f9c5c115faf