Analysis
max time kernel: 149s
max time network: 125s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 30/05/2024, 14:06
Behavioral task
behavioral1
Sample
54641aed261f44d86b882a8e4363d5e0_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
54641aed261f44d86b882a8e4363d5e0_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
-
Target
54641aed261f44d86b882a8e4363d5e0_NeikiAnalytics.exe
-
Size
112KB
-
MD5
54641aed261f44d86b882a8e4363d5e0
-
SHA1
5d4d0dec26e044877f3a0824e23cb21364a7a6aa
-
SHA256
0b0f1d19b090c6a6f5892c4e8f66e662314a7a4bd94a797c9fc900024854e6a0
-
SHA512
0c5e8cf2227f5da2568e08ff154d51f0463a37d0680fadd21e2e6f9bbc93a0dc6e91ccc37f7c5ba4add6406f04e0a1567bd0c08f50d592502cd32d05af39b60f
-
SSDEEP
1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfagQ:hfAIuZAIuYSMjoqtMHfhfagQ
Malware Config
Signatures
-
Renames multiple (589) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
resource | yara_rule
behavioral1/memory/2244-0-0x0000000000400000-0x000000000040A000-memory.dmp | upx
behavioral1/files/0x000c00000001445e-2.dat | upx
behavioral1/files/0x0002000000010481-6.dat | upx
behavioral1/memory/2244-26-0x0000000000400000-0x000000000040A000-memory.dmp | upx
-
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads