Analysis
max time kernel: 30s
max time network: 122s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 08/06/2024, 05:43
Static task: static1

Behavioral task: behavioral1
Sample: 9149b7dbb0aa39c40ac0aed171954020_NeikiAnalytics.exe
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: 9149b7dbb0aa39c40ac0aed171954020_NeikiAnalytics.exe
Resource: win10v2004-20240426-en
General
Target: 9149b7dbb0aa39c40ac0aed171954020_NeikiAnalytics.exe
Size: 132KB
MD5: 9149b7dbb0aa39c40ac0aed171954020
SHA1: dedbf080fcf8478202a0f68f868d5fd86922bdbf
SHA256: 67f11bd5eb19334f40c0f8f7c2cccdf09d57203c0ad9fc3034e6f894bb8b5936
SHA512: c51e9a32c7187716a43993df4d81a68ab2116d1004495cf1d90c7cbfd28e591ccdf121dbb8663bbcf36e99728e7d5afba18b216d8c409019ccc4dd607d2eef88
SSDEEP: 1536:W7ZhA7pApvOsOKjC0YSilpFpfkJOMrTm/UZXyNj1tyOTuw2llbh/MKHjNHkqwZ2g:6e7WpXYvnO6/Ulysw2llbOKHbLAt
Malware Config
Signatures
- Renames multiple (196) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
Downloads