Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
14-06-2024 04:41
Static task
static1
Behavioral task
behavioral1
Sample
a2dd955e9f14500ae17e7476332e61a0_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a2dd955e9f14500ae17e7476332e61a0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
a2dd955e9f14500ae17e7476332e61a0_NeikiAnalytics.exe
-
Size
44KB
-
MD5
a2dd955e9f14500ae17e7476332e61a0
-
SHA1
eb78da914282ccff3c8503d9ea6c833ede975525
-
SHA256
02c08dca00a93be13c68b3dd0f769fa8abae118ed06627a1f4c459da0b8fa2c6
-
SHA512
ed50f9a7393b86467404693d64f19acced1e677755ed7b001706a518827d54589ab154c0529feccefb482251a6841442c40a24b8487405728408701b93cedb97
-
SSDEEP
384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFt1zecDT1zecDu:W7BlpNLpARFbhblkYlkuvIYFWcDYcDu
Malware Config
Signatures
-
Renames multiple (3564) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
Downloads
-
C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp
Filesize
45KB
MD5
58ea963d5f9110b843b0528d318db009
SHA1
96a39a706a39aca838237ceaebb75d14a4a7c08c
SHA256
1cc3bd6c41637e402c5d97d9eb6cb81924dced36965324323b0622fd94484d3b
SHA512
c23723c0a7c94fc6b01e59ff2247e899123516b280ae2fa1510262a46e01cbce6d72d51744dfeaa90df2872ac3635e900d678cdf3d64134d8c8931d2ae1653a7
-
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
53KB
MD5
a7b4e3e81008cf882b0689f83cb6822f
SHA1
b28d2eea55a81526df5c82927892fc8fa7305cd9
SHA256
248ad195eda200ffe02869fdcc381336caff6ebc271b74881156d289fa541c07
SHA512
ab00a7e8fc7bd51acd87f7f4c3d7997167674ba02cebb532c9ba1eaba7b1c0d795a87481afe5642926541bc719d7a74ea3df363abbf20e8115497d622b3b3654