Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
16-06-2024 05:49
Behavioral task
behavioral1
Sample
da7486da7327c4769639c111f7717230_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
da7486da7327c4769639c111f7717230_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
da7486da7327c4769639c111f7717230_NeikiAnalytics.exe
-
Size
46KB
-
MD5
da7486da7327c4769639c111f7717230
-
SHA1
3e6dc479f5dbeba1afba7eb4d6f2e5292120a9d6
-
SHA256
cdbaa27ed9be250b3c12e962d3338996bf47c2fcd3aa9432db295bf318eb5509
-
SHA512
2a373dfb4fc9a54ee0386701f794856f683ca24c7c8719289d3dd6b60e2ed9ad3d92a63c8372d7170c70a383f5438ef04e4d6d29fcfffa96b6957547804b2fd2
-
SSDEEP
768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFz7:CTWn1++PJHJXA/OsIZfzc3/Q8zxJ
Malware Config
Signatures
-
Renames multiple (925) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Processes:
resource | yara_rule
behavioral1/memory/2540-0-0x0000000000400000-0x000000000040A000-memory.dmp | upx
C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp | upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp | upx
behavioral1/memory/2540-26-0x0000000000400000-0x000000000040A000-memory.dmp | upx
-
Drops file in Program Files directory 64 IoCs
Downloads