Analysis
-
max time kernel
150s
-
max time network
122s
-
platform
windows7_x64
-
resource
win7-20240611-en
-
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
-
submitted
17-06-2024 08:26
Behavioral task
behavioral1
Sample
6a29ac6fb7424377296e6485c8930000_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
6a29ac6fb7424377296e6485c8930000_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
6a29ac6fb7424377296e6485c8930000_NeikiAnalytics.exe
-
Size
67KB
-
MD5
6a29ac6fb7424377296e6485c8930000
-
SHA1
9cd1a5ffd4a9a8fc92539faa369d095d16daa73e
-
SHA256
9e56a1497231cda626066d47b7c54f468bbec41a5aa20f0a1d1103451dc61949
-
SHA512
688e8b786016e5827ff52d83a68a5bd915e0a9243ab3a91119ceb4c73e6eab991233258cee713d9d1a619ae4475612a3d3a53e8e19d3cef04e5aec8db8578f3d
-
SSDEEP
1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8j:fnyiQSoA
Malware Config
Signatures
-
Renames multiple (986) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
resource yara_rule
behavioral1/files/0x000200000001047e-6.dat upx
behavioral1/files/0x000b000000012294-2.dat upx
behavioral1/memory/2140-0-0x0000000000400000-0x000000000040B000-memory.dmp upx
behavioral1/memory/2140-68-0x0000000000400000-0x000000000040B000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads