Analysis
max time kernel: 148s
max time network: 122s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
submitted: 14-06-2024 04:56
Static task: static1
Behavioral task: behavioral1
Sample: a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe
Resource: win10v2004-20240226-en
General
Target: a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe
Size: 44KB
MD5: a40976b5441acb9163e177b462d75b10
SHA1: f88f9b104c4688a1fdb60e85148635e82eb47e2d
SHA256: 4d5077fab12be489d18ffe985356420a95f1d7b1727a9d732df048f76360ace4
SHA512: 7e1bf083cf43685665755b32cbca1bb7ec7fb5f16ed4ae57227794c68db9ff7ec4b90d66745a3eae0e32dcfb5015b638dbc65ffb216193d5d8b2bf9205379517
SSDEEP: 384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFt1zecDT1zecDy:W7BlpNLpARFbhblkYlkuvIYFWcDYcDy
Malware Config
Signatures
-
Renames multiple (1023) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory (64 IoCs)
Downloads
-
C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp
Filesize: 45KB
MD5: e99a3587b10a473139fa0ec71bd589fb
SHA1: 79991d53e4bc5c839450361b6736ff918b96156a
SHA256: 9d2efa0d89a09a18fb50f7a08369d5527f954740d91106812203aa50d04adc18
SHA512: cd6bc0ece3258cc1d9dcf2fdee5814fbf38ffb6eb8d37735d617d84aeabc4cf0c6a8489bb176a1ca2a582b262bbf1736924d3d9846b96792939e3bc16d50b340
-
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize: 53KB
MD5: 59cf36e9fa0fc865713653cf65ac6216
SHA1: 37d59a56f352b1eb457ae6bf73cbf491ba89134a
SHA256: 27ee2f31933efc97b0539d05be810de61431b5087e9111ebe1a2f1c0e49a5a8b
SHA512: e07e51aeac7181bb8df65e5737368b0fae1e3787f18ee975e6da0502a0eb272ed3c58fd764968f15e76bb250a5e3d24b1c0efec1ceebf42166428c153fded44a