Analysis
max time kernel: 150s
max time network: 124s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 08/06/2024, 03:35
Behavioral task: behavioral1
Sample: 8830a75d4734c153cf60d0ccf56b85e0_NeikiAnalytics.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 8830a75d4734c153cf60d0ccf56b85e0_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
General
Target: 8830a75d4734c153cf60d0ccf56b85e0_NeikiAnalytics.exe
Size: 1.4MB
MD5: 8830a75d4734c153cf60d0ccf56b85e0
SHA1: 918c57e4fb0c3e0d14bb247498c0851ee6361672
SHA256: 112f5e2db80deefe0ff4cd6b533e35d86583215da9fa9ba3022720becc9fcfd4
SHA512: 8fa663eec63b1407fa7dfd759f49728395549fd0db0b6308169017618b3231fa025bdb77cd4acb9716c2683cd45ce04c7c1f64f5e192ca51bef8f161fd113c7d
SSDEEP: 1536:V7Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSC2:fnymCAIuZAIuYSMjoqtMHfhfagT
Malware Config
Signatures
Renames multiple (631) files with added filename extension
This suggests ransomware activity: encrypting all the files on the system.

resource / yara_rule
behavioral1/memory/2944-0-0x0000000000400000-0x000000000040B000-memory.dmp / upx
behavioral1/files/0x000b000000014284-2.dat / upx
behavioral1/files/0x00020000000106dd-6.dat / upx
behavioral1/memory/2944-162-0x0000000000400000-0x000000000040B000-memory.dmp / upx
Drops file in Program Files directory (64 IoCs)
description: File created (all 64 entries)
Process: 8830a75d4734c153cf60d0ccf56b85e0_NeikiAnalytics.exe (all 64 entries)
ioc:
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp
C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp
C:\Program Files\Common Files\System\ado\msader15.dll.tmp
C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png.tmp
C:\Program Files\Internet Explorer\msdbg2.dll.tmp
C:\Program Files\7-Zip\Lang\ar.txt.tmp
C:\Program Files\7-Zip\Lang\fr.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp
C:\Program Files\7-Zip\Lang\sq.txt.tmp
C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.tmp
C:\Program Files\7-Zip\Lang\sk.txt.tmp
C:\Program Files\CheckpointHide.wav.tmp
C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp
C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp
C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunjce_provider.jar.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp
C:\Program Files\Internet Explorer\en-US\F12Resources.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\jvm.hprof.txt.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp
C:\Program Files\Common Files\System\ado\msadox.dll.tmp
C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll.tmp
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 1.4MB
MD5: ce6df6d165803b5676db92673004ff1a
SHA1: 3cd888fe6e10f462bde666117b5c1fbad9ba9140
SHA256: 3e73bdbac9886577ffd4a6f69e21d24a7cb18dbfc393bb06ec69ec703b6c3b8b
SHA512: 615e2edb5b1336fe5a91e43c81386649e818bdda29e959361fd955ce293026004c5cc207dba74ebfa4377feaee4496dfcd7c2d1d2ed7ea583807d90858c06a1d

Filesize: 1.4MB
MD5: 576dc0c41c74f3d1356b4fb698dded63
SHA1: 3eed8607cb27c417f3c7e927274c0125cbd95cb7
SHA256: 9de203e74f03804ba2e5665e9116abce6cfdca44ae87df92b9f066babe0cb653
SHA512: 3dcfa1ebb3563d03bd2a21edf6943d4436ccb44c0bf412ba24457948b662c319041af5c452ab22307458f61f64c31c24575e12e419a635376bc32b3e9c521196