Analysis
max time kernel: 150s
max time network: 120s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
submitted: 17-06-2024 04:32
Behavioral task
behavioral1
Sample
4919bebe9f5de22b95aabea2959df730_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
4919bebe9f5de22b95aabea2959df730_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
4919bebe9f5de22b95aabea2959df730_NeikiAnalytics.exe
-
Size
114KB
-
MD5
4919bebe9f5de22b95aabea2959df730
-
SHA1
b994cae414dee862eb44939800f0c7fda93ce222
-
SHA256
8ad3c97ecb1966015416881c846f7603bf9647645d78ca335ec360b6fd072041
-
SHA512
c6ba4f952b3ec7722f5740f2792f253565c54b759c86c3962a7c208bd9a6436b374c2c71d28e84db6276541818e6e4a3fabd3048913dc7693cdd633af5c6733d
-
SSDEEP
1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8cTWn1++PJHJXA/OsIZfzc3/Q86:fnyiQSorQSod
Malware Config
Signatures
-
Renames multiple (3460) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
resource yara_rule
behavioral1/memory/2084-0-0x0000000000400000-0x000000000040B000-memory.dmp upx
behavioral1/files/0x000c0000000122eb-2.dat upx
behavioral1/files/0x00020000000106a2-6.dat upx
behavioral1/memory/2084-646-0x0000000000400000-0x000000000040B000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads