Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
17-06-2024 06:29
Behavioral task
behavioral1
Sample
5a1f5538116ce46cbce2e237487f52e0_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
5a1f5538116ce46cbce2e237487f52e0_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
5a1f5538116ce46cbce2e237487f52e0_NeikiAnalytics.exe
-
Size
68KB
-
MD5
5a1f5538116ce46cbce2e237487f52e0
-
SHA1
07e59efb50bc0a6450dc289c41ef2622b1e7742d
-
SHA256
2549f0a3ec3be98dd6d90977ebe7159e634db2d397516cb88d37e1137829b65b
-
SHA512
5bd49961191be3fda8796f2b17c3a460d4d65e4893a6588f3e8b34d8e453d289e473d75485ec17ae7b64c959967cb19ba96abc431fc8818bf6241e38c354e62b
-
SSDEEP
1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8z:fnyiQSoY
Malware Config
Signatures
-
Renames multiple (3737) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
resource | yara_rule
behavioral1/memory/1612-0-0x0000000000400000-0x000000000040B000-memory.dmp | upx
behavioral1/files/0x000a000000012280-2.dat | upx
behavioral1/files/0x00020000000106a2-6.dat | upx
behavioral1/memory/1612-662-0x0000000000400000-0x000000000040B000-memory.dmp | upx
-
Drops file in Program Files directory 64 IoCs
Downloads