af010595f26a7b59c04fab15b59901e15b61e1a690bdcd3c6f66d0b26e1162a2

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 15:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
Size

63KB
MD5

0e355fa2f48056932a8a8f8e559bc450
SHA1

67f8088fda4e87ac38e344e1319ca6f300eae81e
SHA256

af010595f26a7b59c04fab15b59901e15b61e1a690bdcd3c6f66d0b26e1162a2
SHA512

7bf0cc514fff2d4412783d1e0023729e5b14e00e876708b1926ceb05e9ac8f51efa85c032792f42d680190e4873b0b9926ff0558c2f65a671cc0d024f6c32535
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuX:W7ZDpApYbWjIlE77uX

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (515) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\he.pak.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\sonicsptransform.ax.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\F12.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
63KB

MD5
179a3404fc5d66980d50d799354a4af8

SHA1
167d53221a43053f8706707853a6a8fb88a7d32f

SHA256
3a2ce8c98629ef559909179ffce334ce3fa26118b78214509cd9dcc3ed2591b2

SHA512
cf980be7bb260408236d9940914d8bc7c5c6dd11fbe2432ba7d3042dffbb8ebb431505393bf85c594bdacda5b5f4e6d419d4ce83f4ac5ab465008c80986e993a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
72KB

MD5
bc26ddc07c2fc04fcb4217053740a63c

SHA1
80593571e528ec497073c47394112429646b8a78

SHA256
d48b49a38bd8ee5e29835e4f7f5c8a5c372a1287270a480a0db4cb5422611385

SHA512
ddf1d71a05e47d2b6c84a6d565e31fae744c1f556b576286d2b899c23250baf23fced6d5654cff2fcb6613538af8e044025673a55005ea3ebf4608bc73cf7383

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads