Analysis
max time kernel: 150s
max time network: 123s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 13-06-2024 01:24
Static task: static1
Behavioral task: behavioral1
Sample: 536a7a0cf7a3dac02da94c0fa84c8440_NeikiAnalytics.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 536a7a0cf7a3dac02da94c0fa84c8440_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
General
Target
536a7a0cf7a3dac02da94c0fa84c8440_NeikiAnalytics.exe
Size
76KB
MD5
536a7a0cf7a3dac02da94c0fa84c8440
SHA1
f5d11cad948a9048c65db3d1feaf809b38b06ddd
SHA256
20035df99ab2532e7887ccc5caf2f894d4bd28cff03569ed951e3b2756f5ae2f
SHA512
cd9a6ee837a879e128db6fd47d0f6a98e107f7bfa569d279740f19d79c65b3d4fb07beddddfb71e266a6ece4553f40e624ce3db518d5db1a37aff144b5b98cdd
SSDEEP
768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJPwF9hHMZIa9hHP:W7ZDpApYbWjIlE77ufL2e+efZwZ2J
Malware Config
Signatures
- Renames multiple (3702) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
Downloads
C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp
Filesize: 77KB
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize: 86KB