Analysis
- max time kernel: 150s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 13-06-2024 02:09
Static task: static1
Behavioral task: behavioral1
- Sample: 5622aaf012e3f8a7bf39f2d3c3c65f50_NeikiAnalytics.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 5622aaf012e3f8a7bf39f2d3c3c65f50_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
General
- Target: 5622aaf012e3f8a7bf39f2d3c3c65f50_NeikiAnalytics.exe
- Size: 46KB
- MD5: 5622aaf012e3f8a7bf39f2d3c3c65f50
- SHA1: dc9f21ea80431e02d3c754e424c90f177e8a86ee
- SHA256: 8178ddb796f0b70c69fc7867889eefddbe641ac3536c18b4ad3efd11efa83d7a
- SHA512: 0e23667a77bf3fca08210556ba943e17720701fcc98495903a70abaea2b462b5073c75fdcd0ba90e458a622837923a37516810c565bec9a0ef1e134e815da8e3
- SSDEEP: 384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrxxbNgbNjX:W7BlpppARFbhWJQi1X
Malware Config
Signatures
- Renames multiple (3777) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
Downloads
- C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
  Filesize: 46KB
  MD5: daa0f96fb35588d954c140cd21ec0692
  SHA1: 360f39b2058c898d326de685e07acaa839ca27ff
  SHA256: b17d714afc3622697d16f794e480dd777aeeb4a7f4efc37cb67e6bfe1f57652c
  SHA512: 0b50def3eaaf040eb3bad564c1f7ac081c6dcf11d70e4d79b230485408b9d0806f4d4ee39425b3f8b34e48fb9a1bcd76b566cb6cd2d7175f06bec47b92b87dac
- C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
  Filesize: 55KB
  MD5: ab9806296f930697d8f69b1d9f219547
  SHA1: 6082a73e43d7416bbbfb9f64a8235e84c4ef0fb5
  SHA256: 1431a3a9e842076fbbd0f1d0bf1719fecee2b0725cc2aa871dcc378d4836f1a5
  SHA512: 149e2566f9cb700cd9d65d30fa87f35ab1e5fdeee68323ed5fd6fb38f440892dcf9d1a6c598f0ae7f11e7c83a113797e12b01e408d363a6b9ef688a5f2a3efb4