Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
16-06-2024 05:05
Behavioral task
behavioral1
Sample
d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe
-
Size
59KB
-
MD5
d792f933b6e502ddb1f4da31944e4ca0
-
SHA1
9a6b925ae5d9ec669d096548f250814a4a10171b
-
SHA256
7b6f6139177eb52725c8aa6c789db560f9281f38f8b5941c8f7c8de404d16de6
-
SHA512
8e77ade8294e15c9069598b0a3ea2020c7028a0788f696d45bfa65e656bc4ecd8970667d24b038c0beaa7fe922e302e7e8f5a9c6f1911ff4215cc7a14c837cfe
-
SSDEEP
1536:CTWn1++PJHJXA/OsIZfzc3/Q8asUsxe+eX7n97ns1o8k1o88:KQSohsUsxe+erZs1o8k1o88
Malware Config
Signatures
-
Renames multiple (1164) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Processes:
resource | yara_rule
behavioral1/memory/2852-0-0x0000000000400000-0x000000000040A000-memory.dmp | upx
C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp | upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp | upx
behavioral1/memory/2852-26-0x0000000000400000-0x000000000040A000-memory.dmp | upx
-
Drops file in Program Files directory 64 IoCs
Downloads