Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
13-06-2024 02:49
Static task
static1
Behavioral task
behavioral1
Sample
5884c891bfa55e1d2aac42d1fdac0690_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
5884c891bfa55e1d2aac42d1fdac0690_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
5884c891bfa55e1d2aac42d1fdac0690_NeikiAnalytics.exe
-
Size
97KB
-
MD5
5884c891bfa55e1d2aac42d1fdac0690
-
SHA1
92682b52665072cec611f5a506216f5de2f22340
-
SHA256
4885bf1891f18d4ade0835a78f1d346dd95f244ed6cd9cbfe24ac1684a0ba73e
-
SHA512
e1c350beb712ad1cb5442a7a0475ce95a45db079f3f1ef743f8814b5797a5ccb6086a13efd59ec5ee567a96fff96d6ca8b9947123663e6889951bdb3d606bab5
-
SSDEEP
3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyB0:PqFF2Ie+efsim2f
Malware Config
Signatures
-
Renames multiple (3470) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
Downloads
-
C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp
Filesize
97KB
MD5
b834da3e98a6226fa64e5c21fbc1b1c2
SHA1
1d1c2a4edd21055d61252309cfe5926109476438
SHA256
c64a95023f0542f0d98c27c9fac4f3ec2747b0d2ad01a2902f711b161da37594
SHA512
7e31c3c51da48244dda306a5b47233657dc81d5655ad1eb0eb79322febe2947f066a9ea1e093148bfad08faddfee2182f2f41deaa2273bc600624b3a51086934
-
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
106KB
MD5
dc5b5a7199d991e796d2d7ee4ebb048f
SHA1
8dedc92c2f048faf3d9093b2ba61791037b1ba62
SHA256
a83bc6b87c2d5471083e488d2097ea1662ff97d346c2120fda9cb27a53559996
SHA512
0e50db179cba2503918b793cc440f5b6591600957e3a1b7e4f81893b7dc96a174376e77f64983e8528065cdc58f6850670b61d6a8c25b0f89df35fb14cf218f5