Analysis
max time kernel: 150s
max time network: 120s
platform: windows7_x64
resource: win7-20240419-en
resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted: 13-06-2024 01:14
Static task: static1

Behavioral task: behavioral1
Sample: 52eeee6142adcb7c8210798f75a98af0_NeikiAnalytics.exe
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: 52eeee6142adcb7c8210798f75a98af0_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
General
Target: 52eeee6142adcb7c8210798f75a98af0_NeikiAnalytics.exe
Size: 46KB
MD5: 52eeee6142adcb7c8210798f75a98af0
SHA1: 31402526d9b292bae855573d0532ed73b42c757e
SHA256: 8d2a709ee530d83c29424a279ab4a0c8e8beeb92af3b44a1be94232e6441e440
SHA512: ab7e6cd4cf002e4d845ad8f3396eea4027ee17884c94a6b67b9e7355754353751d2a8641b37901f4b8a3ef92a7fb70029821a3c5aee1a8bfb7de105eb14cb6db
SSDEEP: 384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFt1zecDT1zecDR:W7BlpNLpARFbhblkYlkuvIYFWcDYcDR
Malware Config
Signatures
- Renames multiple (3773) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
Downloads
-
C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp
Filesize: 46KB
MD5: ed854a70457a12d59c4f151158610ffb
SHA1: 1e6a5bbc92578caba3b9fc695fa0b3f8713e079e
SHA256: 1a7d17a787b76832a5ed608d36059771725d1338ba6bbff0a7cd13bb4ed7eb01
SHA512: 03494897bef7ddd78de50d2b8e1b10a754b1d081682ec809ba1903fda27427c24f7adda9638f2371980787eb6080a767f2d772fe003fe234e6605d56e7877b32
-
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize: 55KB
MD5: d6cc7fb179d83f69f11026c0b62d6a82
SHA1: fc5836caf2c02cb6abb2d6e3713cd09e63aaaef2
SHA256: bb8c717fab9d370bde3af03b219118a93f6ad2419ad89d7dafc4f7d270ad868c
SHA512: c83348ac8d0f8bf6c9f417aabdbbfbbc8aca894de8eb4f1c5ba33068fa766709b47688f4412e660ef5f2b9d533fb61aaa75cd79655536a656caf883a6afe5dcd