Analysis
- max time kernel: 150s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240419-en
- resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
- submitted: 14-06-2024 05:00
Static task: static1
Behavioral task: behavioral1
- Sample: a43cf3656d6ffc79a07f80f00e4f3b90_NeikiAnalytics.exe
- Resource: win7-20240419-en
Behavioral task: behavioral2
- Sample: a43cf3656d6ffc79a07f80f00e4f3b90_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
General
- Target: a43cf3656d6ffc79a07f80f00e4f3b90_NeikiAnalytics.exe
- Size: 316KB
- MD5: a43cf3656d6ffc79a07f80f00e4f3b90
- SHA1: ffb8effd2b8659224eba62eaec1b11081e6e2100
- SHA256: e640f79b50024d7c43ff90195ccdb2493d7dd6d2261e9473bcb0721251ff0f16
- SHA512: 0fa834bc8e09b5d7b7fc9fcda2f8843b021a540fdd653dc0740008c43e9bac30cc7d32a51c12b2a1119f658251a36782c08d1da368efe874a0c6a66d7aee132d
- SSDEEP: 6144:tFPxPke+eIr9RUxfKIuqBcKxNWdp+bkrdHs1lpaSL4vtv:3PxPir9RyiIuGcKbpaSL4vtv
Malware Config
Signatures
- Renames multiple (2844) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
Processes: a43cf3656d6ffc79a07f80f00e4f3b90_NeikiAnalytics.exe
Downloads
- C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp
  Filesize: 317KB
  MD5: c71c4fce7f0761b8a55ede5e50ff49e2
  SHA1: 571e4ff20de84bb184cf8a0a5a9e5665cbf87549
  SHA256: b4aa6c45c8970957454071d05a044d30c97b3a0aadf92aa6686212673d1f355d
  SHA512: 41d1f2066703ec8a1f5194ddd5864bef2e8628a1b004bac57998386f3ce0ec248b46ee70eb13fe4e8dd71bb6b84623ff15665fb964f653079d68ab41464aff8d
- C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
  Filesize: 326KB
  MD5: 7da9dd1ee79fb2863745f1707de55384
  SHA1: 849b6b4b62cb29e9000a455851089070abab6098
  SHA256: 4a288204e06c4df21b35c71ce5d55c833ae532cf49c89151d92c3d521dbdbfd6
  SHA512: 53146911dae74c641bde92a788e5eebfb127ad03e83b38687993bf4e2057c4796212d7550c93e10e3370a71011fd91c046d90b073a682bdeb5e37b9ceb683706