Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
14-06-2024 04:09
Static task
static1
Behavioral task
behavioral1
Sample
a125686b9a379c4e5bf3242aa82b1910_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
a125686b9a379c4e5bf3242aa82b1910_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
a125686b9a379c4e5bf3242aa82b1910_NeikiAnalytics.exe
-
Size
78KB
-
MD5
a125686b9a379c4e5bf3242aa82b1910
-
SHA1
a5a5392b2e1070eea983e7522b89031e5cef3b0a
-
SHA256
a071f8c717d3992f1752ccba135a5c9a7b44934cede86da59cb455985bbe7b08
-
SHA512
8805663230613a0155c10b65690f75c69c39e06d8c20bf1947d07ddc0595baa66ce902fd6de4a312574a931e0eafb8688085dc6a5fecb60391d8acd825b3262e
-
SSDEEP
1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhR:6pWpUFpEhLfyBtPf50FWkFpPDze/qFso
Malware Config
Signatures
-
Renames multiple (3723) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory (64 IoCs)
Downloads
-
C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
-
Filesize
79KB
-
MD5
ca6225876817dd28823fba44ce6eb687
-
SHA1
94bbdf2a1f2053942a6831eb711df8a0cd536b77
-
SHA256
4beaef0b9b00af3047e93af209750507ab2752da10a6a79da3a8f0f8c8e98ebd
-
SHA512
ba1d9a821c290285d7d574a7d03bb89e829365554ec5435a5c2649390989229299735b04c47ee780e4d31d401b79cb3dc23f5c2beee6ca36e598de1d0bc34ab6
-
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
-
Filesize
88KB
-
MD5
91c7c52e6936b1ea378dc65da94671d6
-
SHA1
df7e670f19b66c9661584bc761c9969e448b47ab
-
SHA256
929dacfcaf8991414d77d8a763ceb7eb400045128b6cbd25ff11a5f58b6f4578
-
SHA512
4ccb25a20c386497209557c4cca4d874bee60ccb5cd63069e1ccf5ea087818f44916836c2caac594d31aae70de85f1812cae9d4447febe3c190ec17632fb0abb