Analysis
max time kernel: 150s
max time network: 122s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 14-06-2024 04:26
Static task: static1
Behavioral task: behavioral1
Sample: a207db795798d6d8a68f537d8f7b1b20_NeikiAnalytics.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: a207db795798d6d8a68f537d8f7b1b20_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
General
Target: a207db795798d6d8a68f537d8f7b1b20_NeikiAnalytics.exe
Size: 78KB
MD5: a207db795798d6d8a68f537d8f7b1b20
SHA1: f8664d69ab06f8d5fb0bea338deab1bd82b49bd4
SHA256: 7af5f739a9897bca404d5f4db7519fd3aeb68cadb1e603abe6e752d4b4ebc0ff
SHA512: ab6cb4c1f01685414e8b2e8c1036e372d7ffa14edbd26a2d247cadb0e1f3dddf229547b63762c949b86ec2bca38749b5c1d952183e9afd14f16fd8d79374a3ad
SSDEEP: 768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJPwF9hHMZIa9hHp:W7ZDpApYbWjIlE77ufL2e+efZwZ2b
Malware Config
Signatures
- Renames multiple (1162) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
Downloads
- C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp
  Filesize: 78KB
- C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
  Filesize: 87KB