Analysis
- max time kernel: 150s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 17-06-2024 04:28
Behavioral task
behavioral1
Sample
488f76098a557fb60ad2dd2519ea9f80_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
488f76098a557fb60ad2dd2519ea9f80_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
488f76098a557fb60ad2dd2519ea9f80_NeikiAnalytics.exe
-
Size
92KB
-
MD5
488f76098a557fb60ad2dd2519ea9f80
-
SHA1
6a351f08f4dece71687e2ed850b530246ee7276d
-
SHA256
719d949878c9848b40bb8cf8b9099cefeb61dcbc19aa9aa3bce2c34aeacb1e09
-
SHA512
3a7404a89685d78c4e485bd7cdf6add36b5fd5f3385790918d8cdf689058e711ea0e0c2f3ebe6cbe4f26869a3c4aeb3443d9cafc0d055ee35a967a94aa90d28a
-
SSDEEP
1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8RFUmXm9sprayj0FZ:fnyiQSozmqswyYFZ
Malware Config
Signatures
-
Renames multiple (3437) files with added filename extension
This suggests ransomware activity: encrypting all the files on the system.
-
resource yara_rule
behavioral1/memory/1704-0-0x0000000000400000-0x000000000040B000-memory.dmp upx
behavioral1/files/0x000d000000012342-2.dat upx
behavioral1/files/0x000200000001048b-6.dat upx
behavioral1/memory/1704-534-0x0000000000400000-0x000000000040B000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads