54f87e2b196096def7330d99cf5a190a86b6324e926b9d3b509b1e4a3643baed

Analysis

max time kernel
149s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 22:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
Size

127KB
MD5

1e263ec125c02e6a283521b98e88abe0
SHA1

c48b8962372b8ecf522c6cff058ce68276c457a5
SHA256

54f87e2b196096def7330d99cf5a190a86b6324e926b9d3b509b1e4a3643baed
SHA512

6348cbe5528889c6a495a0a17c428f719395cbce01de465d0bb51f97e42f7bca142f02aba44600f3a8f182d26841ca83081e4bf5d3f257af2900f6c6ee8fa766
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVz3:RqlIyFESWu0SWuGSb

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (480) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
127KB

MD5
12f82dbbd2e4856b7249b14eb961e28c

SHA1
d6d0efae09c1da9a75459f9e9e379849f2f0e9e3

SHA256
827180bdd7ff642cddd0451261c3d8e28062138132e5c5b1339f05cc1f9ab407

SHA512
7941f83328757fd244f4bbf8fe1586c3629a70fa6a090bcae8967bc0c8444de5afab1747a2dd981ec3652f247b378a28bbf506c364706af1558dfeb69c8f235d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
136KB

MD5
840161f3a8463147b4974bb55dd65614

SHA1
2f3ce1c9e2e5c31ba8f871e0e481a996a6b7bdca

SHA256
5f1029fcc188f3428b3047f1d1e970a1f57ebf74579850ec4287dd0e059e7783

SHA512
91d85856ecf6f2100881389aa40d554ccf1c1a0e42ed42b860dfed5c9a7dce767aa63dce0d0a83397cc61f8af5761bad7f331d16e21755907874a14cd7413f0a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads