Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
03-06-2024 12:56
Static task
static1
Behavioral task
behavioral1
Sample
a42c8706e8553d5325a74c0f14d07640_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a42c8706e8553d5325a74c0f14d07640_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
-
Target
a42c8706e8553d5325a74c0f14d07640_NeikiAnalytics.exe
-
Size
46KB
-
MD5
a42c8706e8553d5325a74c0f14d07640
-
SHA1
eed0e3482967f689960a33e841c67ac3494be85c
-
SHA256
a90a763b30b7ee319f7ec8448b23ef09fd97b303cb6cd49a28d966dde4c0ac59
-
SHA512
6a064c9bdd735485cdd2981335ef87c1ba8d924c22b2e94b9d62efb2eb105c95defddd1cd0751417568b9a256d69b0995ff5b541782432d544bd8889c0bee4f3
-
SSDEEP
768:W7BlpNLpARFbhblkYlkrt8PWGoPWGqMs1Mse:W7ZNLpApCZrt8PWGoPWGZ
Malware Config
Signatures
-
Renames multiple (1249) files with added filename extension
This suggests ransomware activity, namely encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs