Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted
12-06-2024 14:04
Static task
static1
Behavioral task
behavioral1
Sample
4050f1c57348b30e6c6b9913a3e41bd0_NeikiAnalytics.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
4050f1c57348b30e6c6b9913a3e41bd0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
4050f1c57348b30e6c6b9913a3e41bd0_NeikiAnalytics.exe
-
Size
51KB
-
MD5
4050f1c57348b30e6c6b9913a3e41bd0
-
SHA1
5aae4eca1633bc22042098638c79e7b94cf7ed87
-
SHA256
ba21be8c36799d80b4d123cd3e7fbacf92549a146b8f9ec451cb7683f0b808bd
-
SHA512
eca09860bc6ae243ac571185e9cce8135744bb7ef30b6619d1a22c5e37065ea8cdf7fdb627d954cdcf9b9614d88d332c50a62db3229c9a478978d66cd046fa9f
-
SSDEEP
384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrxxbNgbN4meWpcccA40y4kMqre:W7BlpppARFbhWJQi04q4v
Malware Config
Signatures
-
Renames multiple (3758) files with added filename extension
This suggests ransomware activity, namely encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs