Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
17-06-2024 08:37
Static task
static1
Behavioral task
behavioral1
Sample
6bb787327aa6b860121aaddcb311fea0_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
6bb787327aa6b860121aaddcb311fea0_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
6bb787327aa6b860121aaddcb311fea0_NeikiAnalytics.exe
-
Size
50KB
-
MD5
6bb787327aa6b860121aaddcb311fea0
-
SHA1
32d15ad3f5f3494e02e8f1b7f8863d1914215b24
-
SHA256
9013f1d436e516b7f601a62a8db8d13d309f1faff914449a5ebd617b2bf2c132
-
SHA512
a24295bfd08742e1244b2e4e4acec9da95bffe369071e4207c9c36a7d210b3066209a6cbc9b813fcfc6783680da3b750c19e2bc288d9768615c56bd0e6089d2f
-
SSDEEP
384:GBt7Br5xjL9AgA71FbhvuNBNh9CcdS0AqN6WCcdS0AqN654IZF7+YIZF7+vQK:W7BlpppARFbhgCqCi7Y7/
Malware Config
Signatures
-
Renames multiple (3855) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
51KB
MD5
75aecec95853c6bed92ffe19e6ebfac6
SHA1
840c8ed7d457281e37dc1cbfcf43e71a878282a3
SHA256
1d5739025748f18a617b1e95f7fb180075c76d03ab9d907b9338d3bf261e2ef3
SHA512
7ab8ef31e2ba970e07935fa6ee988ff5fe4b4e58404e5d3a1bacb622b5814dca73109d34d3b16e5d2c229fa3617e2c828bb59eefe13b64270ccea095261eec03
-
Filesize
60KB
MD5
de69b100aef31f1012586e0c23928be8
SHA1
f31b5567723a00d91c808367abf97710861df18e
SHA256
2da91d3b64307fa62ab34a2182edcbac879516ca346e649b06a952da306e6e87
SHA512
103a175fd6ed4bed5c7f6a648bb8497f355824f58c46979bf03523ef49d499d227583f4aae9d648bb59f4144f7d1cba6ac9c32b6bc0247a6e33dac9d13852d32