Analysis
max time kernel: 150s
max time network: 118s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 12-06-2024 13:28
Behavioral task: behavioral1
Sample: 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
Resource: win10v2004-20240226-en
General
Target: 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
Size: 46KB
MD5: 3e57525d1b48636a9ff42d3c5b7de0c0
SHA1: f15ba37b3e4c94d733cae9053afa777c860f75cf
SHA256: 0f73c109cbef0128cc42ddab50cf3628fb5b551a7f2e2a18c58aeb8a4b821b16
SHA512: ea9cf8fa4233f910e2ef9b7925ca0199fa23070f92a7dc5ce088a0deac2a179371ba3ec225e129bd5e2eb5838dad3424673b9e727c4675774bd0310e07eaa22a
SSDEEP: 768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzP:CTWn1++PJHJXA/OsIZfzc3/Q8zxN
Malware Config
Signatures
- Renames multiple (3728) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.

- Processes:
  resource | yara_rule
  behavioral1/memory/1460-0-0x0000000000400000-0x000000000040A000-memory.dmp | upx
  C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp | upx
  C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp | upx
  behavioral1/memory/1460-76-0x0000000000400000-0x000000000040A000-memory.dmp | upx

- Drops file in Program Files directory (64 IoCs)
  Processes: 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  description | ioc | process
  File created | C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\7-Zip\Lang\fi.txt.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jre7\lib\security\blacklist.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Auckland.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libparam_eq_plugin.dll.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\VideoLAN\VLC\plugins\demux\libmpgv_plugin.dll.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_left.png.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_rest.png.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jre7\lib\deploy\messages_it.properties.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jre7\lib\plugin.jar.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\VideoLAN\VLC\plugins\access\libcdda_plugin.dll.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\MCIMPP.mpp.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jre7\lib\zi\CET.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\gadget.xml.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can03.ths.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Midway.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\drag.png.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\shvlzm.exe.mui.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_over.png.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-io-ui.xml.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Games\Solitaire\desktop.ini.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-hot.png.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libx265_plugin.dll.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\settings.html.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\vlc.mo.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libscte18_plugin.dll.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\VideoLAN\VLC\plugins\gui\libskins2_plugin.dll.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\release.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Mozilla Firefox\defaultagent.ini.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libdeinterlace_plugin.dll.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_thunderstorm.png.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_zh_4.4.0.v20140623020002.jar.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util.xml.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jre7\lib\zi\America\Tegucigalpa.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
  File created | C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe.tmp | 3e57525d1b48636a9ff42d3c5b7de0c0_NeikiAnalytics.exe
Downloads
- Filesize: 46KB
  MD5: d0d0bd27abb052fc2767d25a462982b3
  SHA1: 60c026294f6bcde7c4687bada76db4caf7aad0ae
  SHA256: 2ae9a50f04c8d1f0386b078b5d9a481f7c07a1568a870b0c08de273a5a0da5ed
  SHA512: 78be3b3a2aa2539a2a0372545c3389f866a4d2debc5ec9b262c334668b9e5e5cb2371b37ddf0645a2a8249c8704a2e2654a74ec508f044115f43542ad740e5fa

- Filesize: 55KB
  MD5: ec17e8229b9fc658d71d304fd6b5ed15
  SHA1: c857753bf65f5f6ccad6e32dd39eae051f09c976
  SHA256: 965534da6f51cd11dbc810b1d08092fa88b6a974c43ff6ac524f8291992efe75
  SHA512: c348b549fe9406b7e4f480ad3019db2f1d195e97d9c1c561e7be9393431ad50db5eb60f2b6cf0fb3e0d8a4a1bf28d29c75db34eac86770046c99d4e8a010fbfa