Analysis
- max time kernel: 150s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 12-06-2024 13:51
Static task: static1
Behavioral task: behavioral1
- Sample: 3f87a6ecd68731725ac090fa7ff6fb00_NeikiAnalytics.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 3f87a6ecd68731725ac090fa7ff6fb00_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
General
- Target: 3f87a6ecd68731725ac090fa7ff6fb00_NeikiAnalytics.exe
- Size: 46KB
- MD5: 3f87a6ecd68731725ac090fa7ff6fb00
- SHA1: a527379e0349a7dc695c18256a26849eb0954eb4
- SHA256: 0846b2152c636b72bb25a6daceb93dd84da891c88ad6b8129f8b0eb3ad7eb28f
- SHA512: c5ff6c1c986c02f16a3c0a98fd7ec54cf784a02ffad9207918397f013c383ad990498a5c780f9a05f12c16dec3a9c8e86f722e2768d0a2acf348e48498d35e56
- SSDEEP: 384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFt1zecDT1zecD5:W7BlpNLpARFbhblkYlkuvIYFWcDYcD5
Malware Config
Signatures
- Renames multiple (4071) files with added filename extension: This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)