Analysis
-
max time kernel
149s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
14-06-2024 04:14
Static task
static1
Behavioral task
behavioral1
Sample
a171155929d0d8778c6bfe1a1ebab5d0_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a171155929d0d8778c6bfe1a1ebab5d0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
a171155929d0d8778c6bfe1a1ebab5d0_NeikiAnalytics.exe
-
Size
76KB
-
MD5
a171155929d0d8778c6bfe1a1ebab5d0
-
SHA1
5a94285f1328fbd43d7df517839da3e7e4bee9f1
-
SHA256
1f13c743e8dbc5621b4c7c031ce4abf368a904736543700751658371ae9a998e
-
SHA512
f631a1440362c2ea8dfc9f9eeabeddb20a0d5464a12d39edb38c71a8cbcc29f9382983371f7c4d0c426509993c498cdc992c8e672a71e86a89f295dfd88b8f27
-
SSDEEP
1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t5m0m6911v:6e7WpP9oVLQthbYY9oVLQthbUrt7t5m6
Malware Config
Signatures
-
Renames multiple (3460) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp
Filesize
76KB
MD5
a2e185bc451513f7348ef6f79a24c9dd
SHA1
e4706b43c93e24224dd1d3357e4ff5eb10a70605
SHA256
c0e7330a9537b6e6f8d3d951c966ee06cedb347fe75308f18d9199780bd11e92
SHA512
6bc15f6ab80629168443bb755bdda3e2f45a898de39cd9e5d8aedc8092c414397032a7dc7f070e8afb88aa2422b87c4b1d959a50e2ffa1195f3d7cc969a4c594
-
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
85KB
MD5
45465937a75d244743fe5dad9fe40415
SHA1
e28c113a00b8f441cc2d745beb9691a4b2e4999a
SHA256
6e3d43f8462e077d552670c565b9650e75cb97d13038df69e6e0a13e4fc9cf0d
SHA512
db01beb4a62de761d1bf07e6a3e78687c023cc00e04594d6d3fa56c8dc81606bf092fbf773030a51873af9baa56e7e46c23036ba35702d1546fbbeba2d80bbd5