Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
16-06-2024 05:58
Behavioral task
behavioral1
Sample
daf9ce949fa49db91d48dfedcf6833e0_NeikiAnalytics.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
daf9ce949fa49db91d48dfedcf6833e0_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
daf9ce949fa49db91d48dfedcf6833e0_NeikiAnalytics.exe
-
Size
967KB
-
MD5
daf9ce949fa49db91d48dfedcf6833e0
-
SHA1
84586a9ed69bd42fe9992c697c30dc991e6d0530
-
SHA256
3bf851200edebdf4a6642fd36ef53946dd671c1be3c5f52d4623f02e57d1120f
-
SHA512
9616feef093d813c772c6f90f02b9d65e2faecc814a945bb4c019807ca2745f4ff2ad618d1856e0ffd6505064c705c957c8926949e4db7c5b84d1d3d74295c75
-
SSDEEP
24576:VIDU9BiDVCPGccbubHu0cMGKNkwl0+r+tESyVbEFfc4KccyMAPFmjPkWkhCkhVvf:VIT3
Signatures
-
Renames multiple (1073) files with added filename extension
This suggests ransomware activity, i.e. the sample is encrypting all the files on the system.
-
Processes:
resource | yara_rule
behavioral1/memory/2928-0-0x0000000000400000-0x000000000040B000-memory.dmp | upx
C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp | upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp | upx
behavioral1/memory/2928-184-0x0000000000400000-0x000000000040B000-memory.dmp | upx
-
Drops file in Program Files directory 64 IoCs