Analysis
-
max time kernel
150s
-
max time network
118s
-
platform
windows7_x64
-
resource
win7-20231129-en
-
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
-
submitted
17-06-2024 06:24
Behavioral task
behavioral1
Sample
598b973af9c6941a76fef2ff689eaa00_NeikiAnalytics.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
598b973af9c6941a76fef2ff689eaa00_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
598b973af9c6941a76fef2ff689eaa00_NeikiAnalytics.exe
-
Size
75KB
-
MD5
598b973af9c6941a76fef2ff689eaa00
-
SHA1
720b1f28c45810c4b5eefa8a53af7c0261db26ba
-
SHA256
7417ec430bd2e37df96676d2171c84c852216b3c46dc529631c1f5a6896d1fed
-
SHA512
98161ac1c82ff6ff6a7f7fc62fdcf94d9f4cc2305a4ea7fce10b3472b8a5c95a6ff48cf9cb8b341c6bf22e310f61296bf2db9a37c4feb0b99b2228fb2ad59ff4
-
SSDEEP
1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8s:fnyiQSoP
Malware Config
Signatures
-
Renames multiple (3404) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
resource yara_rule
behavioral1/memory/1972-0-0x0000000000400000-0x000000000040B000-memory.dmp upx
behavioral1/files/0x0009000000016176-2.dat upx
behavioral1/files/0x001c000000010439-6.dat upx
behavioral1/memory/1972-382-0x0000000000400000-0x000000000040B000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs
Downloads