Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
31/05/2024, 15:53
Behavioral task
behavioral1
Sample
0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe
-
Size
69KB
-
MD5
0f2ef4f5c4b3d3f67cfb70e6ea8bd670
-
SHA1
e521e128b8f6af8232c139c5b73ccf037a437885
-
SHA256
5268f6d5820e881f6eee60a353e184c2148588aa2441ffcb4146be1a9bd3adab
-
SHA512
0687a4c8a336fae394730370256a8981bea2c64a7a05c55107148ec4594ea38cd5c7de5ac772f4a782df6a0cbd1583999bbd8e9ce40cef5def333f3d6c6797f6
-
SSDEEP
1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8v:+nyiQSo0
Malware Config
Signatures
-
Renames multiple (578) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
resource yara_rule
behavioral1/memory/2812-0-0x0000000000400000-0x000000000040B000-memory.dmp upx
behavioral1/files/0x000b000000014fe1-2.dat upx
behavioral1/files/0x0002000000010481-6.dat upx
behavioral1/memory/2812-68-0x0000000000400000-0x000000000040B000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads