Analysis
- max time kernel: 150s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
- submitted: 13-06-2024 03:38
Behavioral task: behavioral1
Sample: 5b5cdc537a5baaa53898305be0d62af0_NeikiAnalytics.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 5b5cdc537a5baaa53898305be0d62af0_NeikiAnalytics.exe
Resource: win10v2004-20240611-en
General
- Target: 5b5cdc537a5baaa53898305be0d62af0_NeikiAnalytics.exe
- Size: 259KB
- MD5: 5b5cdc537a5baaa53898305be0d62af0
- SHA1: 2b367f92fac4ed486a331c494dfa7afbb6d68f79
- SHA256: 85aa5c8e2d96976559ce0f962683c7ae649f615ca2c9e54808c0c9e94e670515
- SHA512: 6cf2786474ee14e2247968258f20ad32721597aa7cff6b78a9f1c7e3964b55a1b7b16b4ef055ed39ae6677be4709eec98aa5eb6a8b880dcc8d59320156a00121
- SSDEEP: 3072:fnymCAIuZAIuYSMjoqtMHfhflixitfAIuZAIuYSMjoqtMHfhflixik:KmCAIuZAIuDMVtM/jfAIuZAIuDMVtM/e
Malware Config
Signatures
-
Renames multiple (3051) files with added filename extension
This suggests ransomware activity: encrypting all the files on the system.
-
Processes:
resource | yara_rule
behavioral1/memory/2180-0-0x0000000000400000-0x000000000040B000-memory.dmp | upx
C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp | upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp | upx
behavioral1/memory/2180-488-0x0000000000400000-0x000000000040B000-memory.dmp | upx
Drops file in Program Files directory (64 IoCs)
Processes: 5b5cdc537a5baaa53898305be0d62af0_NeikiAnalytics.exe
description | ioc (process for every row: 5b5cdc537a5baaa53898305be0d62af0_NeikiAnalytics.exe)
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.tmp
File created | C:\Program Files\7-Zip\Lang\sw.txt.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.codec_1.6.0.v201305230611.jar.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.tmp
File created | C:\Program Files\VideoLAN\VLC\lua\http\requests\status.xml.tmp
File created | C:\Program Files\7-Zip\Lang\kab.txt.tmp
File created | C:\Program Files\Common Files\System\ado\msado27.tlb.tmp
File created | C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar.tmp
File created | C:\Program Files\VideoLAN\VLC\lua\http\requests\README.txt.tmp
File created | C:\Program Files\7-Zip\Lang\ps.txt.tmp
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-options.xml_hidden.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar.tmp
File created | C:\Program Files\Microsoft Games\Minesweeper\es-ES\Minesweeper.exe.mui.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository_1.1.300.v20131211-1531.jar.tmp
File created | C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp
File created | C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_ja_4.4.0.v20140623020002.jar.tmp
File created | C:\Program Files\Microsoft Games\Multiplayer\Checkers\ChkrRes.dll.tmp
File created | C:\Program Files\7-Zip\Lang\fa.txt.tmp
File created | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp
File created | C:\Program Files\Java\jre7\lib\zi\America\Argentina\Ushuaia.tmp
File created | C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince.tmp
File created | C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tashkent.tmp
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\MANIFEST.MF.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser_5.5.0.165303.jar.tmp
File created | C:\Program Files\Java\jre7\lib\zi\America\Porto_Velho.tmp
File created | C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Blanc-Sablon.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-print.xml_hidden.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfxrt.jar.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp
File created | C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.tmp
File created | C:\Program Files\Mozilla Firefox\ipcclientcerts.dll.tmp
File created | C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp
File created | C:\Program Files\Java\jre7\bin\jsound.dll.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran.tmp
File created | C:\Program Files\Java\jre7\bin\jdwp.dll.tmp
File created | C:\Program Files\Microsoft Games\Minesweeper\ja-JP\Minesweeper.exe.mui.tmp
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Speech.resources.dll.tmp
File created | C:\Program Files\Mozilla Firefox\default-browser-agent.exe.tmp
File created | C:\Program Files\7-Zip\Lang\hu.txt.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp
File created | C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\New_Salem.tmp
File created | C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.xml.tmp
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart.tmp
File created | C:\Program Files\7-Zip\Lang\tr.txt.tmp
Downloads
- C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
  Filesize: 259KB
  MD5: 25718e5944f770c8aec097f564f86612
  SHA1: 6f32c36b7b92e8696cb579174522e522028c57fe
  SHA256: 160d3fd9bd5b457cb3c6a056e433f9bfa0ca2d7299524b12aa84355887cde0d5
  SHA512: bdc4eeb056f9822a43cc58486f084b669dc682e095e9e350e19dfc74c5ac72e3ce6145c3fb5ca992f6ae87c44e59f6104629b61c5529fc906e9d72f01f17ea26
- C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
  Filesize: 268KB
  MD5: 92be9d639f18d8a88e943ac96063e21a
  SHA1: 40638dddc96340ebe5b9e3f6ddf0acddd4eb82f9
  SHA256: b5258e01bee977002357c95dceec91693db98ad1fcf29839d0c8b1821a2cf01a
  SHA512: cd32dd24b644cef2f9cef387becb4eb76804366c06c49f968acd3e228fd49e1395bbe3302265d39c22d2b08bf07b58829cc9d1af1876ab6862a490455b2ec405
- memory/2180-0-0x0000000000400000-0x000000000040B000-memory.dmp
  Filesize: 44KB
- memory/2180-488-0x0000000000400000-0x000000000040B000-memory.dmp
  Filesize: 44KB