Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
14-06-2024 03:26
Static task
static1
Behavioral task
behavioral1
Sample
9e998e2db856f0fc914b1855482fe4c0_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
9e998e2db856f0fc914b1855482fe4c0_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
9e998e2db856f0fc914b1855482fe4c0_NeikiAnalytics.exe
-
Size
46KB
-
MD5
9e998e2db856f0fc914b1855482fe4c0
-
SHA1
0444d8260bdc2df0e72cdb4d2bfa406a7dcfa422
-
SHA256
540c58b0344f9538724c9c683b00be871ad8dd0a1a1b30fd9c9636cd1a60fe03
-
SHA512
382f445a1158e7af7e2178b5859db748960e860c7e84b16d0cd57daf90c360c9e11220fa603014fa1e7d2ef577d79e4437d6bb81f4b12c7570df0f413275ed20
-
SSDEEP
768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcd:/7ZQpApze+eJfFpsJOfFpsJQ
Malware Config
Signatures
-
Renames multiple (3832) files with added filename extension
This suggests ransomware activity, namely encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
Downloads
-
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp
Filesize
47KB
MD5
9d777fab351b7a3ab9f8414e1b9b4d28
SHA1
332113f0f24538297b4408ac6c4113be20f42e35
SHA256
c1bbe6d0227182ad2af10e71a269328a576cf6a03ffc1c967d3cba422b998e04
SHA512
8081844a00e4a55c6730ead9d256c4d83e84d16c8e507065a4c8676dffa904f3c5a2241650aaf4963abf727489295bd5a5c424712f6244299d484abedf0d8948
-
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
56KB
MD5
435f0c52cb8f5644eb52e17e38ccfc4b
SHA1
7f46b7be793454e9460b0d174cbf1b0c0a70f7f4
SHA256
455294e586a3e94614c95988974f2be830f8b5a88559df5a21bd21af8472b56b
SHA512
76bf227a37d2f80dcf1600ef83cc5dbe6c6f9152ef1e0cde6cea5bdffc35abb7db126b48a60c566012250cda59d1ba5e245d4f1a7b342cae81bf05bd73b7ec0f
-
memory/1924-0-0x0000000000400000-0x0000000000408000-memory.dmp
Filesize
32KB
-
memory/1924-668-0x0000000000400000-0x0000000000408000-memory.dmp
Filesize
32KB