Analysis
-
max time kernel
150s
-
max time network
122s
-
platform
windows7_x64
-
resource
win7-20240611-en
-
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
submitted
16-06-2024 05:03
Behavioral task
behavioral1
Sample
d771a2874daf558e90f3747a1b379820_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
d771a2874daf558e90f3747a1b379820_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
d771a2874daf558e90f3747a1b379820_NeikiAnalytics.exe
-
Size
139KB
-
MD5
d771a2874daf558e90f3747a1b379820
-
SHA1
0f1d33361b1e3aaf994a4201bcf06ee832f8aef0
-
SHA256
4c27b62874d12ad4bfd493160ec1625187610bba607489d9b5e3c833872c5fdf
-
SHA512
86b927a7dc08498fc551cd2279a865a539f0901feeb0af54571a3d61de1d2524071efc47cf34b575fa06d54b79041af0f665e59643d9945f13b8f03fb164efa1
-
SSDEEP
1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2IteTWn1++PJHJXA/Osw:fnyiQSohsUsWU9BK3IQSohsUsWU9BK3X
Malware Config
Signatures
-
Renames multiple (3447) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
-
Processes:
resource	yara_rule
behavioral1/memory/2424-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2424-642-0x0000000000400000-0x000000000040B000-memory.dmp	upx
-
Drops file in Program Files directory 64 IoCs
Downloads
-
Filesize
139KB
MD5
987c8bccd0a475437750ad43ac8c8e5a
SHA1
04d8b9faec1a9bb712554caf863cebf59acf794d
SHA256
ad76851deaed21865b987fea5c3945a29f408c2b0fdf49c0b1db5afec52f7f8f
SHA512
0e7c65e16eb4b19787e1ad634d2fc27379cbaeb4ecf557638193d4222acc7a7bd9bd6899b7d59ed1588ce071d5cb597d379305ad62ba9ebada6f42be193742eb
-
Filesize
148KB
MD5
929e452d7b4c54fa361e0bf1dfb59189
SHA1
deed832df1e60b833bbc5cce8e5ca902b16a683f
SHA256
681e976f3c3a1b2fe733922ea2ebb49b491087263b471967186d9ad711768e3c
SHA512
f660b94139920e6634a5070f17c12a152cf9be2edbaf6825344acc6cc90ef104d6f74b5f40f387563fd8957f36a1769235265aee84e39804d6137e4b29d4e42f