Analysis
Max time kernel: 150s
Max time network: 122s
Platform: windows7_x64
Resource: win7-20240508-en
Resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
Submitted: 14-06-2024 04:20
Behavioral task: behavioral1
Sample: a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
General
Target: a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
Size: 73KB
MD5: a1b200d420ea0e0720cc99fa123a6e40
SHA1: 102bb3088358c1e8b809565c7cf0c6ebdc62ebb0
SHA256: badb5f9b6d027fc3a25c0d7ccfafd11eb73154614717f1eb265d6c2e860827dc
SHA512: 9122d210fa2c34d26cefde86d06524e886b40502d1350ed0a7706d9dcbf62a0ea16d86bcb5193279e35c644ac2114894274043f05de8261f64d4070c1694408b
SSDEEP: 768:67Blpf/FAK65euBT37CPKK0SjHm0CAbLg++PJHJzIWD+dVdCYgck5sIZFmzWzXUS:67Zf/FAxTWY1++PJHJXA/OsIZpPEIUW
Malware Config

Signatures

- Renames multiple (3761) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.

- YARA rule matches
  resource / yara_rule:
  behavioral1/memory/2548-0-0x0000000000400000-0x000000000040B000-memory.dmp / upx
  C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp / upx
  C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp / upx
  behavioral1/memory/2548-654-0x0000000000400000-0x000000000040B000-memory.dmp / upx
- Drops file in Program Files directory (64 IoCs)
  Processes: a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  description / ioc / process (the process column is a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe for every row below):
  File created: C:\Program Files\Mozilla Firefox\browser\features\[email protected]
  File created: C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.jpg.tmp
  File created: C:\Program Files\Windows Media Player\wmplayer.exe.tmp
  File created: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_s.png.tmp
  File created: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\currency.js.tmp
  File created: C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\12.png.tmp
  File created: C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp
  File created: C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp
  File created: C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info.tmp
  File created: C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_ja_4.4.0.v20140623020002.jar.tmp
  File created: C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffffff_256x240.png.tmp
  File created: C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp
  File created: C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp
  File created: C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp
  File created: C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.event_1.3.100.v20140115-1647.jar.tmp
  File created: C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_ja.jar.tmp
  File created: C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp
  File created: C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-heapdump.xml.tmp
  File created: C:\Program Files\Windows Journal\fr-FR\NBMapTIP.dll.mui.tmp
  File created: C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp
  File created: C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa.fca.tmp
  File created: C:\Program Files\Common Files\System\msadc\msadco.dll.tmp
  File created: C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.tmp
  File created: C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88.tmp
  File created: C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL.tmp
  File created: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClientsideProviders.resources.dll.tmp
  File created: C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp
  File created: C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp
  File created: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationProvider.resources.dll.tmp
  File created: C:\Program Files\VideoLAN\VLC\plugins\video_output\libvdummy_plugin.dll.tmp
  File created: C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\flyout.html.tmp
  File created: C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.tmp
  File created: C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp
  File created: C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp
  File created: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\css\calendar.css.tmp
  File created: C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp
  File created: C:\Program Files\Java\jre7\bin\javaw.exe.tmp
  File created: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll.tmp
  File created: C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl.png.tmp
  File created: C:\Program Files\Common Files\System\msadc\msadce.dll.tmp
  File created: C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\profile.jfc.tmp
  File created: C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-dialogs.xml.tmp
  File created: C:\Program Files\Java\jre7\bin\JAWTAccessBridge-64.dll.tmp
  File created: C:\Program Files\Java\jre7\COPYRIGHT.tmp
  File created: C:\Program Files\Java\jre7\lib\alt-rt.jar.tmp
  File created: C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\service.js.tmp
  File created: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll.tmp
  File created: C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp
  File created: C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp
  File created: C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.tmp
  File created: C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp
  File created: C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman.tmp
  File created: C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_m.png.tmp
  File created: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\trash.gif.tmp
  File created: C:\Program Files\7-Zip\descript.ion.tmp
  File created: C:\Program Files\Java\jre7\lib\security\cacerts.tmp
  File created: C:\Program Files\Mozilla Firefox\browser\features\[email protected]
  File created: C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp
  File created: C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.tmp
  File created: C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml.tmp
  File created: C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.tmp
  File created: C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu.tmp
  File created: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Conversion.v3.5.resources.dll.tmp
  File created: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Management.Instrumentation.dll.tmp
Downloads
- C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
  Filesize: 73KB
  MD5: 718e17a45734eb464336f122379d54e9
  SHA1: 6c279f7de47b8950990f2eb1b81bf0f58b53b663
  SHA256: c7565bb7f938a436ab49b69814d38fb0a54d4c3af880f202ccb263e735f61707
  SHA512: d172315362c364dab85e568ae6fb7056b606ddee92369893b2bc761eaad9f59e9eaee66d268dbd766772b5c6ab53fa231d8e4a672c1e2bd6361d7c6854c2c36a

- C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
  Filesize: 82KB
  MD5: ed2b621ad79b3744db4a064f7c1ce000
  SHA1: 0b6c43cf3548e9a2e127ece1d5ec3ce01a40b095
  SHA256: ab568c3821fe61f50af0a498e41d4d80b9b4d2fa447eec113d319ed8bebfbb88
  SHA512: 331b130e9b6940c4b141a3029d6e4470bb09e1a020ed14a98aa409162ac49c4752d4f5232a5d4ebda79a9e1eb5bb6beb3dc1e01377223ab4f6712bc2a5ea5106

- memory/2548-0-0x0000000000400000-0x000000000040B000-memory.dmp
  Filesize: 44KB

- memory/2548-654-0x0000000000400000-0x000000000040B000-memory.dmp
  Filesize: 44KB