Analysis
max time kernel: 150s
max time network: 122s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 14-06-2024 04:24
Static task: static1
Behavioral task: behavioral1
  Sample: a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe
  Resource: win10v2004-20240611-en
General
Target: a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe
Size: 50KB
MD5: a1f2f462c608a209c5ba34aa379c5610
SHA1: 0423a45f9dd98e7955195262bc7784b6e4552c01
SHA256: f667f5e8111a397187ee4ce34b5416d76c43b4f487f31422d81a9edee58e8bbf
SHA512: 93ca4501154783f858a0c11046751ec3db01cecc7165a94eee50d30ac609dfb1e9e3db49707dd656f68fa8be27ee0c9ce3e73c9ed9093c221b880c7d8770dc51
SSDEEP: 768:W7BlpNLpARFbhblkYlkuvIYFWcDYcDeR6OR6F:W7ZNLpApCZuvIYYoYoOl8
Malware Config
Signatures
Renames multiple (3790) files with added filename extension
This suggests ransomware activity: the sample appears to be encrypting all the files on the system.
Drops file in Program Files directory (64 IoCs)
Process: a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe
All 64 "File created" events below were recorded for this process:
File created: C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\CGMIMP32.FLT.tmp
File created: C:\Program Files\7-Zip\Lang\tk.txt.tmp
File created: C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Adak.tmp
File created: C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr.tmp
File created: C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden.tmp
File created: C:\Program Files\Java\jre7\bin\jabswitch.exe.tmp
File created: C:\Program Files\Java\jre7\lib\zi\America\Santiago.tmp
File created: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\gadget.xml.tmp
File created: C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp
File created: C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar.tmp
File created: C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.jasper.glassfish_2.2.2.v201205150955.jar.tmp
File created: C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\3.png.tmp
File created: C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_partly-cloudy.png.tmp
File created: C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMAN.TXT.tmp
File created: C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp
File created: C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar.tmp
File created: C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-tools.xml.tmp
File created: C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol.tmp
File created: C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\vlc.mo.tmp
File created: C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_block_plugin.dll.tmp
File created: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\gadget.xml.tmp
File created: C:\Program Files\7-Zip\Lang\tr.txt.tmp
File created: C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp
File created: C:\Program Files\Java\jre7\lib\zi\America\Godthab.tmp
File created: C:\Program Files\VideoLAN\VLC\lua\http\js\jquery.jstree.js.tmp
File created: C:\Program Files\VideoLAN\VLC\plugins\misc\libgnutls_plugin.dll.tmp
File created: C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html.tmp
File created: C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.tmp
File created: C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp
File created: C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml.tmp
File created: C:\Program Files\Java\jre7\lib\zi\Asia\Anadyr.tmp
File created: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Engine.resources.dll.tmp
File created: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\open_original_form.gif.tmp
File created: C:\Program Files\7-Zip\Lang\sw.txt.tmp
File created: C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp
File created: C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar.tmp
File created: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\gadget.xml.tmp
File created: C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml.tmp
File created: C:\Program Files\7-Zip\Lang\mk.txt.tmp
File created: C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp
File created: C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp
File created: C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp
File created: C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp
File created: C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6.tmp
File created: C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html.tmp
File created: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Management.Instrumentation.Resources.dll.tmp
File created: C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mpjpeg_plugin.dll.tmp
File created: C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libwall_plugin.dll.tmp
File created: C:\Program Files\Windows Journal\de-DE\jnwdui.dll.mui.tmp
File created: C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\weather.js.tmp
File created: C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden.tmp
File created: C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp
File created: C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp
File created: C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.tmp
File created: C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CST6CDT.tmp
File created: C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna.tmp
File created: C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis.tmp
File created: C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_ja_4.4.0.v20140623020002.jar.tmp
File created: C:\Program Files\Mozilla Firefox\pingsender.exe.tmp
File created: C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\RSSFeeds.js.tmp
File created: C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\settings.html.tmp
File created: C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new_partly-cloudy.png.tmp
File created: C:\Program Files\Windows Media Player\es-ES\wmpnscfg.exe.mui.tmp
File created: C:\Program Files\DVD Maker\bod_r.TTF.tmp
Downloads
C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp
  Filesize: 50KB
  MD5: fad69b5383f2f94fc2866b7b995174ce
  SHA1: e694f4c94a1fe2cdf7f9d39c5b0734395279db2b
  SHA256: 9f7dc2631578a88c49d3a9f4eb9653b16d204ad0f1c44cf50d294b56f16a6c25
  SHA512: bd61697a4c7135d3d89b2e13979330892ab153ac83fcf437129be93692e4a77073461e12a03611d0cd58f636a5b1fcc21c6736dc76361b332143b182fa6ce21c
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
  Filesize: 59KB
  MD5: 11dcc3efdbece4fc88bf8e67ef94d183
  SHA1: 3bdf9a0caa0582f5866ed0c2a1964e567eb633c5
  SHA256: b648e7fdcf48a4cd508837181b099c82617a2ddf240d5c2585b270acc43a2b49
  SHA512: 5a7493a3d5368e92ad9d51c7ae28da197a60df914f4055e9ea477d6db5fdfbfebcdbabba0f9467cd2bf5e1e7f9e7d25d1a894da8c650ed0c15ef92970a8b2119