Analysis
- max time kernel: 149s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
- submitted: 17-06-2024 06:52
Behavioral task
behavioral1
Sample
5d162b7afe6cc12b5497bb7e1366c7f0_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
5d162b7afe6cc12b5497bb7e1366c7f0_NeikiAnalytics.exe
Resource
win10v2004-20240226-en
General
- Target: 5d162b7afe6cc12b5497bb7e1366c7f0_NeikiAnalytics.exe
- Size: 90KB
- MD5: 5d162b7afe6cc12b5497bb7e1366c7f0
- SHA1: 5a04b3c3ad9382461409ac6c654a7d9f30020a05
- SHA256: fe2140b01839570b839b558515b05d662d3cc9cac87b3663f36553a9d55eafc5
- SHA512: 03ac17441c363315aebd180c8af99add5f88433eb3251aa248ab80ebc9a0270c299fc38862b2aff2f13e1a5334346ef511c795b0e403b65633785ad99db90dc7
- SSDEEP: 1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8FwQ/4mCB:fnyiQSoywQ/4mCB
Malware Config
Signatures
-
Renames multiple (3708) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
resource yara_rule
behavioral1/memory/1284-0-0x0000000000400000-0x000000000040B000-memory.dmp upx
behavioral1/files/0x000d00000001226c-2.dat upx
behavioral1/files/0x00020000000104db-6.dat upx
behavioral1/memory/1284-658-0x0000000000400000-0x000000000040B000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs
Downloads
- Filesize: 90KB
  MD5: b7a8866693045dfd55894d7afc2004b4
  SHA1: 7fd4052b9b6d8089f054701a21906efe3ff11b1a
  SHA256: fde06ac0022f8ffd2f8da1d2f28914ec0a4ed065d087b3d23a91a171c60d5bf8
  SHA512: 3dda8709cd96e051dae5d42be86e108c0793ce0c601f5264929b6919c4573cfceabab792843195ca060dced5929f01c9c8e9921213860c5597938c5f292d6f97
- Filesize: 99KB
  MD5: 337a9f3f99a23d15546c57cedf85b54d
  SHA1: b4c93282d6b6b44ff7f192ad12e8f4f33227f597
  SHA256: fb1a6af1a9c33c701deaac052a3c90fc8ffa95acb17fb5834df2fc003ff72428
  SHA512: b0cdd3879fb2bd7ceb12bb4040a03541252fcae5e98a844959515d33f76dbdbcc3d7175373612846e0775d5ce65b25119c0d73464aeeb2e387f5d980a2ef13db