Analysis
max time kernel: 150s
max time network: 118s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
submitted: 12-06-2024 11:41
Behavioral task: behavioral1
Sample: 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
General
Target: 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
Size: 54KB
MD5: 376a999a90e1f8d1ba8528e8e8794fb0
SHA1: 0801f714cabf4ed1f3db6c45c938f4d30c08e95c
SHA256: 7ccbb21a7810fab28f670b813f5bb1a834acdc94cba5d2a66e445adf410a20f4
SHA512: 357333f3ab44fa471f06ebea008d8b7adb1ffc17279be0dc5a24dd3712c1eab40ced320484590d032c2966559511ddd9f6e20073c5de4d41dd1ffe35834ef9cd
SSDEEP: 768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFQQ:CTWn1++PJHJXA/OsIZfzc3/Q8Q8/8RYZ
Malware Config
Signatures
- Renames multiple (3823) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
-
Processes:
resource | yara_rule
behavioral1/memory/1492-0-0x0000000000400000-0x000000000040A000-memory.dmp | upx
C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp | upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp | upx
behavioral1/memory/1492-86-0x0000000000400000-0x000000000040A000-memory.dmp | upx
- Drops file in Program Files directory (64 IoCs)
Processes:
376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
description | ioc | process
File created | C:\Program Files\Java\jre7\lib\zi\Europe\London.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single.png.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeXMP.dll.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.jrockit.mc.rcp.product_root_5.5.0.165303.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jre7\lib\zi\America\Vancouver.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvDX9.x3d.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\logo.png.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\picturePuzzle.css.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_ja_4.4.0.v20140623020002.jar.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chuuk.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\TURKISH.TXT.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Mozilla Firefox\msvcp140.dll.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jre7\lib\zi\America\Dawson.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Samara.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files (x86)\Common Files\microsoft shared\ink\penusa.dll.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEWDAT.DLL.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Taipei.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jre7\lib\security\java.security.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.runtime_3.10.0.v20140318-2214.jar.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Windows Defender\fr-FR\MpAsDesc.dll.mui.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl-hot.png.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\javafx.properties.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\7-Zip\Lang\fy.txt.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CYRILLIC.TXT.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libvhs_plugin.dll.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring.xml.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_ja.jar.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\logo.png.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\localizedStrings.js.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files (x86)\Common Files\microsoft shared\ink\pencht.dll.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Windows Media Player\Skins\Revert.wmz.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jre7\lib\amd64\jvm.cfg.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Microsoft Games\Chess\ChessMCE.lnk.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.dll.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_rest.png.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_fr.properties.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Melbourne.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-dock.png.tmp | 376a999a90e1f8d1ba8528e8e8794fb0_NeikiAnalytics.exe
Downloads
- Filesize: 54KB
  MD5: 7fc4b0edf955a42426c3d4086dac19cc
  SHA1: 28b775c33c7737865250accebfac1ea276bb6796
  SHA256: 67f14347c27a811053b1380dae8be4e11075a9db7da6ca5baf80647683007d20
  SHA512: 1509d19e6447cdfe5b55282f1030764f1ee0dbf5cfc7736a26605a99397b9c00754425802f60b81e28f3d1866089db58bdb9f7bb472ca781bac769d609ae72ee
- Filesize: 63KB
  MD5: dc4559d4ffbc481a067da39cc7107143
  SHA1: 589aca4cfe336fa3f927f88d0123bdb0b3950756
  SHA256: b75edc612ae7b8651d572d86d141a3e2f8ba3b080c287b2c29ed00e8616c5a6a
  SHA512: 15f345d72e013c77af6729ab321365c29f46d9e3b4b8b8e59c2b449d7b5576a5f7f40b7f2b4371805eab7e21f1c005cb789f38e6a76a85cbf361063a83be9302