Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
14-06-2024 04:21
Static task
static1
Behavioral task
behavioral1
Sample
a1ca54da009621d5ea573935c915f960_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a1ca54da009621d5ea573935c915f960_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
a1ca54da009621d5ea573935c915f960_NeikiAnalytics.exe
-
Size
84KB
-
MD5
a1ca54da009621d5ea573935c915f960
-
SHA1
48ad6bb4f1e79701ae6c316d19a48068ae39cb3d
-
SHA256
511092292fb93602bc0ad8658a15db4194a26a682f9fb9aa4bdb5c0170dcd76c
-
SHA512
c2c3ccd379c0eb7f1a7f8cfb258f33997cbacd021eeee5dd734b0b8fee073e48b66ab7043ecb2b555761f00ccd5af656198ffedaaaeff9c031a8f00cf0ae3a03
-
SSDEEP
1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhq:6pWpUFpEhLfyBtPf50FWkFpPDze/qFs/
Malware Config
Signatures
-
Renames multiple (3459) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
-
Drops file in Program Files directory 64 IoCs
Downloads
-
C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp
Filesize
84KB
MD5
2044bd36539eef902c5574e0adac1bf9
SHA1
78558b0614e1be2b3be53a37aea05027392c55f5
SHA256
b0b4b71415fab2a5d5be94de335274eed359456ebebbfc00abeaa64520f00e4d
SHA512
deb931be3a34e420e95e20eeb603db26524166910c87c712e159e1ccaf1d25c7d4975ce776e3067417de15d10e207c1f9414ea4acf3f00762328e876117383c6
-
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
93KB
MD5
429d6d1ea4f5ee9f99d719a105f3cf28
SHA1
f49627efcdf596086bd0d1db42d1a75698f9800b
SHA256
d8e517daf1779ab3ef1f723b5bdcdd1bbc2e4088ad972c631cb4aa7920b569ff
SHA512
9991001f1a636852156ceb9d513d76308097c6deb4a75c227af300f6671170dd995d12f681eb5ab092ffc1ec2d3ebf928fabbd88546b833170cb485faca08653