Analysis
-
max time kernel
150s
-
max time network
119s
-
platform
windows7_x64
-
resource
win7-20240221-en
-
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
-
submitted
13-06-2024 02:47
Static task
static1
Behavioral task
behavioral1
Sample
5851bd9b514eeaadd9a1e508e0258560_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
5851bd9b514eeaadd9a1e508e0258560_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
5851bd9b514eeaadd9a1e508e0258560_NeikiAnalytics.exe
-
Size
62KB
-
MD5
5851bd9b514eeaadd9a1e508e0258560
-
SHA1
f9b7d6567b294b44455bbd261458fe348699a028
-
SHA256
5c1cc6fc519c7317517be61cb94170c15e3fe43e8eb966388be800f1d982c847
-
SHA512
75e2adef1a3730e640a034bcf0d061b0d5feb5b87cf2cd934df4071af7b1c420a0ddd10c6f42dd59a8506f00e1053aa4a7e145a5b9c1e982cce696f2bf18b143
-
SSDEEP
768:W7BlphA7pARFbhvOsTKnKqtSpFCpF0YSiJgUpFpgFi101tlktRN8kgXZOXcvlkt1:W7ZhA7pApvOsOKjC0YSilpFpfkJOMA
Malware Config
Signatures
-
Renames multiple (3712) files with added filename extension
This suggests ransomware activity, namely encrypting all the files on the system.
-
Drops file in Program Files directory (64 IoCs)
Downloads
-
C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp
Filesize
63KB
MD5
83a51c1e8e6df59c62c2a450c056d5f1
SHA1
4bc1745561ba94a080c6dc351b020610f68e087b
SHA256
63f092952d3ced89a96ce62ca4e1cd6a8f88e56edc854078a2cc8e07c20aaea7
SHA512
79c5cf8eb5e2dd96f767a803ff4bcbdf826b9cca960dc605b747a5383321a07d8552f6375f44744107c7cc38bc31bd2fbe3941ce2fb3f0a962369c0968c00aca
-
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
72KB
MD5
c552e7e91029710c4a47160145372b26
SHA1
850c6cdb01b6bea815c5b0fea235342029293915
SHA256
7f932c5f3247ac1662aaba12c7b7cc4b69cdb646c4d9b3f3ade0fb93be9cb968
SHA512
a83413bee66d62cb1cbb6bdea44c574f3cebfb3e0103dfdf21081c91abb04b72135f9c33c52cd787a0b17a8f9f0287d6293486efcf1fe3b91979612c7121616e