Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
14-06-2024 03:16
Static task
static1
Behavioral task
behavioral1
Sample
9e1284ab458121573aab140b409925b0_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
9e1284ab458121573aab140b409925b0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
9e1284ab458121573aab140b409925b0_NeikiAnalytics.exe
-
Size
42KB
-
MD5
9e1284ab458121573aab140b409925b0
-
SHA1
e6b805a56ef6fb33e6e1fff7be491caa79f70dbc
-
SHA256
1bb2e79ccb16012c8197b013502954d098536fec325105c653011b2115392619
-
SHA512
43506b420f9498c29494740fb7883035b691f5a99818623e5070c89b8e48a22ac36208989502aae73e4b83c433272b9a994456a44818439a627f4ec95a56914b
-
SSDEEP
384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFAHsj:W7BlpNLpARFbhblkYlkuvIYFdj
Malware Config
Signatures
-
Renames multiple (3728) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
-
Drops file in Program Files directory 64 IoCs
Processes:
Downloads
-
C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp
Filesize
42KB
MD5
4d1a6623d370f542686d3c700917e55a
SHA1
2a31c2e77eb654cf3201ae2b7e717b1c660d5563
SHA256
8f2c403ef45dd6ae5217e788849656a3404f9036ee4549d84cac0c120d7e9f42
SHA512
1b5bac5958466f5981a6ae18def0f7ab4c8c4d549f9158dd2fb0ba3c7129bd9d901e7c4b6751c55bc40a6496473932385cef0e9f71538c5f9ac9e5dec699e655
-
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
51KB
MD5
7049f81f833da58ecf28777968d5f864
SHA1
d8b2ae9e6c162cd47214e82c5625e751107fe794
SHA256
e65e410921e52836f9da608272bb1138a266b595fb05c4da4f56c5b40ac244b9
SHA512
78b42b9670181c2bf7a1a619b743af41f65fc387ceab5ec59d92601067d273974db83e6413efdeca3db4b61a235ca6cd154a8ee2fe4fc60f877d79f71b751af1