Analysis
max time kernel: 149s
max time network: 119s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 14-06-2024 04:58
Static task: static1
Behavioral task: behavioral1
Sample: a419ad3521ceb5689b80f80f1e95d660_NeikiAnalytics.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: a419ad3521ceb5689b80f80f1e95d660_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
General
Target: a419ad3521ceb5689b80f80f1e95d660_NeikiAnalytics.exe
Size: 66KB
MD5: a419ad3521ceb5689b80f80f1e95d660
SHA1: 177b2fff3bc762aa73a92a281d19f1a2ccf6c102
SHA256: 27358220913ebc75247c5fc21a5a9e15cb418d4b740e50df687e7655b88c6326
SHA512: c09c1bf2751b494102cc54b8cbbc706b317e438003adbb4c65add892b31551fe2e30478cb2dfb25a5f2a4f60f565d534f3f7b0b52afe297f5b0a6c4f89fd019f
SSDEEP: 768:W7BlphA7pARFbhvOsTKnKqtSpFCpF0YSiJgUpFpgFi101tlktRN8kgXZOXcvlkt+:W7ZhA7pApvOsOKjC0YSilpFpfkJOMCzs
Malware Config
Signatures
- Renames multiple (3454) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
Downloads