Analysis
- max time kernel: 150s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 13-06-2024 01:25
Behavioral task: behavioral1
- Sample: 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
- Resource: win10v2004-20240611-en
General
- Target: 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
- Size: 46KB
- MD5: 537e9ca6341e87422a0eb9089e722020
- SHA1: 32f1114da28eac9bd2512c2c15131f830820fda6
- SHA256: 0d63bc138e60a23b18fb94e8d2cbc14b3c4b3a9663d9620fbd7131be56431157
- SHA512: cead37c84767e2635fd9e6a6683ea42ed42d017629393621e8d4bd99cc6e950ebfd615c2db7790c810bb84a9f80348d1194db2306aa24179f097e950bab07c79
- SSDEEP: 768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFz4:CTWn1++PJHJXA/OsIZfzc3/Q8zxC
Malware Config
Signatures
-
Renames multiple (3737) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Processes:
resource | yara_rule
behavioral1/memory/2200-0-0x0000000000400000-0x000000000040A000-memory.dmp | upx
C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp | upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp | upx
behavioral1/memory/2200-80-0x0000000000400000-0x000000000040A000-memory.dmp | upx
-
Drops file in Program Files directory 64 IoCs
Processes:
description | ioc | process
File created | C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\vlc.mo.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\zdingbat.txt.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\ShvlRes.dll.mui.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\icon.png.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-middle.png.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\decora-sse.dll.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EET.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_zh_CN.jar.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Riga.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\VideoLAN\VLC\lua\http\favicon.ico.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Windows Media Player\fr-FR\mpvis.dll.mui.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jre7\lib\zi\America\Fortaleza.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_ja.jar.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-print.xml_hidden.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-coredump.xml.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jre7\lib\deploy\messages_es.properties.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Mozilla Firefox\Accessible.tlb.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.js.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Windows Sidebar\sidebar.exe.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-compat.xml_hidden.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Enderbury.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_zh_CN.jar.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\vlc.mo.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Amsterdam.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.Design.dll.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\VideoLAN\VLC\lua\http\images\vlc-48.png.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_ja.jar.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\Tulip.jpg.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.inject_1.0.0.v20091030.jar.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Malta.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\VideoLAN\VLC\plugins\d3d11\libdirect3d11_filters_plugin.dll.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
File created | C:\Program Files\Windows Media Player\Media Renderer\DMR_48.png.tmp | 537e9ca6341e87422a0eb9089e722020_NeikiAnalytics.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
- C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp
  Filesize: 46KB
  MD5: 31467de1596e9f74c24c0e0bccb59ee9
  SHA1: b1898960b65bfe7467cf9a890c17cebb4bc9a4ad
  SHA256: c1f8e8ee011088e52199505047566e068449a5096198ef6ff4713b2d0a3efe62
  SHA512: 9d61f24c19f2af38c3c4cb7787ee0716bbbe550b375d31923bc1998ec1b21277a952e2730c67204803e983f8e8910cf5e21c2a3a7ff192f3ef60b8107c6e41cb
- C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
  Filesize: 55KB
  MD5: 6d0db04f8c24e30589ff530d0b5bad69
  SHA1: 9bf3ce8e50bae315df27fff0ead4fdcd1d24f885
  SHA256: 3896174ba3a72c0518c44c8b8965949477e198bbff44fc6ec3ef5b973c83f7dc
  SHA512: 194e5d10a7979bf854bc7c6176f2de83d2f7c4809de8d6148289ca41fa09a2ada60c3a049421c5171b68ac21edaebe1f031e26216eac463e2569bc40fecc32ba
- memory/2200-0-0x0000000000400000-0x000000000040A000-memory.dmp
  Filesize: 40KB
- memory/2200-80-0x0000000000400000-0x000000000040A000-memory.dmp
  Filesize: 40KB