Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
17-06-2024 08:31
Behavioral task
behavioral1
Sample
6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe
-
Size
68KB
-
MD5
6abe45503245f75617535b6b3af0cb50
-
SHA1
efe0c9486fd3f2b7da76dac1cda6abfed5f57a39
-
SHA256
3927d414c049e273f46d16d926b1a79f90a2b33b47c9273e63b334a47f542c59
-
SHA512
2ae4fe19189d4f29b6b3b81dc4f2c6b5ad426912cc033a1b9d99037967198bf8e2e1c34d032f26c1a69f575c4183add7993effda5ee58a9246ab5dd083c0654d
-
SSDEEP
768:a7BlpyqaFAK65eCv+cIA0fm7Nm0CAbLg++PJHJzIWD4adZdhAIuZAIuniXk4j:a7ZyqaFAlsr1++PJHJXFAIuZAIuz4j
Malware Config
Signatures
-
Renames multiple (3493) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
resource yara_rule
behavioral1/memory/1656-0-0x0000000000400000-0x000000000040B000-memory.dmp upx
behavioral1/files/0x000c000000012264-2.dat upx
behavioral1/files/0x000b000000010623-6.dat upx
behavioral1/memory/1656-646-0x0000000000400000-0x000000000040B000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads