Analysis
max time kernel: 150s
max time network: 122s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 17-06-2024 04:50
Behavioral task
behavioral1
Sample
4ba9789a0d6ae00bd5516766dd9c5460_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
4ba9789a0d6ae00bd5516766dd9c5460_NeikiAnalytics.exe
Resource
win10v2004-20240226-en
General
-
Target
4ba9789a0d6ae00bd5516766dd9c5460_NeikiAnalytics.exe
-
Size
211KB
-
MD5
4ba9789a0d6ae00bd5516766dd9c5460
-
SHA1
88a423811af7d06540438a90cdbf060c6a6d4549
-
SHA256
fb870e33245aa45e14a0ffa9bd62b04b28c23ad98a8acca970f9f4a4d03b17ae
-
SHA512
6f19aa7248023d9ea904408814767ee5f81d7b88c0687b3ebd4c360eca80eed5c8b902ab7521645d1e269ea24d82bb7e28ec92093462bb47f73b184138a15a56
-
SSDEEP
3072:fnyiQSoXE9tHpKrvGCLOwstyhZFChcssc56FUrgxvbSD4UQrO2Exq:KiQSo095pK7ShcHUa1
Malware Config
Signatures
-
Renames multiple (3286) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
resource yara_rule
behavioral1/memory/3012-0-0x0000000000400000-0x000000000040B000-memory.dmp upx
behavioral1/files/0x000d00000001226b-2.dat upx
behavioral1/files/0x00020000000104aa-6.dat upx
behavioral1/memory/3012-642-0x0000000000400000-0x000000000040B000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads