Analysis
- max time kernel: 150s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 13-06-2024 01:55
Behavioral task behavioral1
- Sample: 551fcadaa9998c365de1331dc7df11a0_NeikiAnalytics.exe
- Resource: win7-20240220-en
Behavioral task behavioral2
- Sample: 551fcadaa9998c365de1331dc7df11a0_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
General
- Target: 551fcadaa9998c365de1331dc7df11a0_NeikiAnalytics.exe
- Size: 360KB
- MD5: 551fcadaa9998c365de1331dc7df11a0
- SHA1: 5172a064a1773cd17fc5168e9c1ad4b017984f48
- SHA256: 59377316bfe639e8d7505aaa2e8a9b13b753df2d3de2eb84acb6d0767ef640e1
- SHA512: 026543ace51216a8d11803807b6ea7657baf7035d0c2b0ef3d86ba11ba52ce601293c1377a16c641f9ec987ba04d0f989f120e3c54ead14d5886d47eae168f55
- SSDEEP: 6144:KiQSo1EZGtKgZGtK/CAIuZAIuMQSo1EZGtKgZGtK/CAIuZAIuj2x2a:VQtyZGtKgZGtK/CAIuZAIuMQtyZGtKg1
Malware Config
Signatures
- Renames multiple (2560) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Processes:
  resource | yara_rule
  behavioral1/memory/2912-0-0x0000000000400000-0x000000000040B000-memory.dmp | upx
  C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp | upx
  C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp | upx
  behavioral1/memory/2912-250-0x0000000000400000-0x000000000040B000-memory.dmp | upx
- Drops file in Program Files directory (64 IoCs)
  Processes: 551fcadaa9998c365de1331dc7df11a0_NeikiAnalytics.exe
  description | ioc | process
  For every row below the description is "File created" and the process is 551fcadaa9998c365de1331dc7df11a0_NeikiAnalytics.exe; the ioc column is:
  C:\Program Files\7-Zip\Lang\is.txt.tmp
  C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp
  C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp
  C:\Program Files\Java\jre7\bin\dt_socket.dll.tmp
  C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi.tmp
  C:\Program Files\Common Files\System\ado\msador15.dll.tmp
  C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.tmp
  C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp
  C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp
  C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp
  C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.tmp
  C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp
  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vevay.tmp
  C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\MANIFEST.MF.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring.xml.tmp
  C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp
  C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_zh_CN.jar.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-plaf.jar.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sampler.xml.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-windows.xml.tmp
  C:\Program Files\Java\jre7\bin\npt.dll.tmp
  C:\Program Files\Java\jre7\lib\zi\Asia\Kuching.tmp
  C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas.tmp
  C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp
  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8.tmp
  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-execution.xml.tmp
  C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_ja.jar.tmp
  C:\Program Files\Java\jre7\lib\zi\America\Creston.tmp
  C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp
  C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp
  C:\Program Files\Java\jdk1.7.0_80\jre\README.txt.tmp
  C:\Program Files\Java\jre7\lib\zi\America\Guayaquil.tmp
  C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp
  C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll.tmp
  C:\Program Files\Java\jre7\lib\zi\America\Argentina\Tucuman.tmp
  C:\Program Files\Java\jre7\lib\zi\Asia\Samarkand.tmp
  C:\Program Files\Java\jre7\lib\zi\Europe\Prague.tmp
  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp
  C:\Program Files\Java\jre7\lib\zi\Africa\Casablanca.tmp
  C:\Program Files\7-Zip\Lang\an.txt.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-heapwalker.jar.tmp
  C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp
  C:\Program Files\Common Files\System\ado\msado26.tlb.tmp
  C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.metadataprovider.exsd.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\core.jar.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-threaddump.jar.tmp
  C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp
  C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp
  C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\jvm.dll.tmp
  C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties.tmp
  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Darwin.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.sun.el_2.2.0.v201303151357.jar.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_zh_CN.jar.tmp
  C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp
  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml.tmp
  C:\Program Files\7-Zip\Lang\mn.txt.tmp
Downloads
- C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp
  Filesize: 360KB
  MD5: 1638e8f0b6db43c8ded31affa734f9fd
  SHA1: 07bc9534ff8712c9e97f2ed597c5dbadf5c793ae
  SHA256: 5016e9552f5f6f04e237abfb98aa64803ff48abfafc5c8b18dabd874c9bef850
  SHA512: f6a38c5f2eb9c32d8b4fc120ffb52b63a56d0f3786772e23abd75ad7995a18a39af72d7b3509ca013fcb1b3900a39500feb6cbd1dcad9d9e189752b8e4f147cf
- C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
  Filesize: 369KB
  MD5: 4b5e15b9aa5b76b6b762c0918f044964
  SHA1: 35d0c735da10437cada96b9f6ded737d42f3a857
  SHA256: 4c497645156ff8cfd936d0b8433ea1f098a8f97d1582fd920f4925fc2ef10a68
  SHA512: 68939ff5e02217307eca3fcbd89f561ce8b94476c8d15b479b48fc889870cfd5420d5677bdfaf48bd63bca3a484bb45a55dae9f84626bc2bdfd8c517f361329a
- memory/2912-0-0x0000000000400000-0x000000000040B000-memory.dmp
  Filesize: 44KB
- memory/2912-250-0x0000000000400000-0x000000000040B000-memory.dmp
  Filesize: 44KB