9a29f46452e2656050b0a6c97743542b238cc7a9c979363653ee8c69e93e50bd

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-05-2024 16:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
Size

86KB
MD5

9014f84a0d35be9f7ef4682f85e02100
SHA1

7e3e656db06276094e772da3ae45cb62895b4101
SHA256

9a29f46452e2656050b0a6c97743542b238cc7a9c979363653ee8c69e93e50bd
SHA512

8420447dd7a4f8acc0e20a8e8df169055809dd425d5da1d7abd3609ea6dff11b55fae1ba80a0aeff2090de85d037c9b67d47c26a499069b0262e77f74926351e
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/f:6e7WpMaxeb0CYJ97lEYNR73e+eKZf

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (518) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\EnableCheckpoint.jfif.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_shmem.dll.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Eurosti.TTF.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\Timeline.dll.tmp	9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9014f84a0d35be9f7ef4682f85e02100_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
86KB

MD5
44dfc24e48c3dcac56aeb6db205b901a

SHA1
1df47df1aec8bafc13f49aeaebd62bb1a2d6f16f

SHA256
1e6c4d634bb56e70bfa778a3011caa434f0d4e4d5a0448181e2f7c6c6874f8a5

SHA512
a1611c87ea7d9c19dc46ab5fde6224e49391822afc9352b438da2a111f6da82636f61ac902391271152211a93ba58b829262a299ce49fcf73cf7d38bb7cf05df

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
95KB

MD5
6d27d663ae3dfcf88191eca8b1a5510d

SHA1
ed60998bd164476460bebb730e6e85ca222397a8

SHA256
09e5bd1403c9af5eb538a5920be434e5da46db78130657759f12b824e0cb03aa

SHA512
4b1068f8b6857daddd70cea0ad53cc3b044eae11e8fd8da61b31078d00d6af9086c884954640d642a9b41a6f511d529718eedbe2b70e6af3bb4ef3c11104cb39

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads