Analysis
- max time kernel: 149s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 13-06-2024 03:36
Behavioral task: behavioral1
- Sample: 5b46556c40cec6090ddf4563a7598420_NeikiAnalytics.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 5b46556c40cec6090ddf4563a7598420_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
General
- Target: 5b46556c40cec6090ddf4563a7598420_NeikiAnalytics.exe
- Size: 51KB
- MD5: 5b46556c40cec6090ddf4563a7598420
- SHA1: 319927c223985beb5ccad89d13d01e568ee5a4e3
- SHA256: ef1595504d485742ecc8328e11a1dfa2af463f90592deee04a82b4706d5c6fc4
- SHA512: dec1ed43d5a0c10c20c1b9e4c3284e1a90e37750e0d0ce12bcc8a2002df0561714befc92bf987cfee5f1fd4d69f7ca14dbf970a317e95d735bbe35101400c6d1
- SSDEEP: 768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFQa:CTWn1++PJHJXA/OsIZfzc3/Q8Q8/8RYn
Malware Config
Signatures
-
Renames multiple (3781) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
YARA rule match: upx (behavioral1)
Processes (resource, yara_rule):
- behavioral1/memory/2180-0-0x0000000000400000-0x000000000040A000-memory.dmp, upx
- C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp, upx
- C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp, upx
- behavioral1/memory/2180-86-0x0000000000400000-0x000000000040A000-memory.dmp, upx
-
Drops file in Program Files directory 64 IoCs
Downloads
- C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
  Filesize: 51KB
  MD5: fbabf099e9f86bf9f6dfa85e8a913544
  SHA1: 038bc9d5ba56e4a731964d2f30bf646e09cc3095
  SHA256: 319526e2ab81e6533ba70bdbeadab31152e3e664b7b2e041547a2e22eac98488
  SHA512: 3cbdf33699bff2575c2dc5ded857b146b61304771d29aea025280160fbd710ad24eb946ebe04b4df8aa750bd40ae1a165e18fc174243b98c9f58e56cb81d578c
- C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
  Filesize: 60KB
  MD5: 6544acaf9e3c28365d5dfeed47e2a506
  SHA1: b9835aa1c6548890fc5d41d2faecfd045dcc75d8
  SHA256: 38d1c238a7aec60c5cbb5b216ddd57971a2e40e592274856845c7d4affa41f04
  SHA512: 65874f61d5ab04a33090903773eed43f61f9b52f1807291d789b0e885c34288865c92f932c36266911cce4f7d330457ff8e24f1a24c2f5660ddbd74756b8cf50
- memory/2180-0-0x0000000000400000-0x000000000040A000-memory.dmp
  Filesize: 40KB
- memory/2180-86-0x0000000000400000-0x000000000040A000-memory.dmp
  Filesize: 40KB