Analysis
-
max time kernel
150s
-
max time network
126s
-
platform
windows7_x64
-
resource
win7-20240508-en
-
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
-
submitted
12-06-2024 12:45
Behavioral task
behavioral1
Sample
3b62840fc2493bd4c933671ac9156a00_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
3b62840fc2493bd4c933671ac9156a00_NeikiAnalytics.exe
Resource
win10v2004-20240226-en
General
-
Target
3b62840fc2493bd4c933671ac9156a00_NeikiAnalytics.exe
-
Size
4.3MB
-
MD5
3b62840fc2493bd4c933671ac9156a00
-
SHA1
e92ce90a6ed8d2ced4552d82cb80a42bffdf8072
-
SHA256
2d46cfaa75bde7b21431a52ef65b12e93400e04815e7a7e57c89a93b52557303
-
SHA512
a619445f82d6b8867f80c8113db48f3454a640f626df0c7dcc6e107f09365ddbd6e1c6c8f56e24b82060feb1f71894b681666c734101488de42aa234c7e92369
-
SSDEEP
24576:NVdo4Mxdz68k3IESsyQPM/oYB6bpFQNyjAMNo6mNuAwFYyvJnBVWe85oaU5S5P8w:Nd2QP8knx5dI5XfJmOJoUJX
Malware Config
Signatures
-
Renames multiple (222) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Processes:
resource / yara_rule
behavioral1/memory/1924-0-0x0000000000400000-0x000000000040B000-memory.dmp / upx
C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp / upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp / upx
behavioral1/memory/1924-98-0x0000000000400000-0x000000000040B000-memory.dmp / upx
-
Drops file in Program Files directory 64 IoCs
Downloads
-
Filesize
4.3MB
MD5
9370338f7030541abccff2f4c2246beb
SHA1
c44aab11797c2caf139c9669ee31d96897c601c7
SHA256
2cb7de83935a8aaae4a274fcac68f2a813c4af5fc287783009eac24b0812fe0e
SHA512
534434632ba1f893f4eb9c727e17d78dbfc5bf34844ded89adbe4a1383e27fcb4de0cb7d1700ec40e511a77b7212121566f3dc881499bdeb1e2c30e7888effd6
-
Filesize
4.4MB
MD5
7ac641862075251388cd6ef8f3150518
SHA1
7bf3e8c25ed3b6947480cd806b592cd586331cbc
SHA256
023d18174c8136acd45961a29642abec8ca0c7f89be7975403c203ea35604c95
SHA512
32d3a003d8712fd6d0039eb70698287ad0e64802306135e869bf3ebf54680c406ff919ac53b2f3386b6bb168bd34c2a0afd8c9d6b0c550e560521b8bf47c1f94