e4be014bbc785ee9b5fcea8c7f37958c219ab9f8b7bd2f2e762430a4a44563bb

Analysis

max time kernel
143s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 20:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
Size

76KB
MD5

6a90ad263e0959d82ed4d0060fabef20
SHA1

0e062cdf838ecea18ad16d86747bbf20fad03f82
SHA256

e4be014bbc785ee9b5fcea8c7f37958c219ab9f8b7bd2f2e762430a4a44563bb
SHA512

f2e770ec3eafed4da8bffb0e6c94e06f15389550b34a236ba160e85ebfffe4dd9e989009ed870e8dd327b19ec7d011dc2ea4252116af76423b90b943df595ec5
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7YWtMQQQq:6e7WpMaxeb0CYJ97lEYNR7Ztu

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (425) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Resources.dll.mui.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\Timeline_is.dll.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\iedvtool.dll.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mshwLatin.dll.mui.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6a90ad263e0959d82ed4d0060fabef20_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
76KB

MD5
01c98ec5c0ad9759f4c6fe898babf56e

SHA1
8ea57d17fa85e9addb78a2815c7723f114af0cd1

SHA256
a457f8b4be3aeef1c217f0b60cc0d8a8689254237d500721d31ac46b5b322d8e

SHA512
9be945566737968a2b360318ab80b56c38d9d73a501e39ed60ce46756ab64eb2ad3c97083ec4213a8faf5c71d3d6b1135345887ebd22a4e2c3fba7f77b635d80

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
85KB

MD5
898506a2cf6835fa9e87796b13fa6f02

SHA1
ccfa40f9da74620f4874a1efcb290774a5960b84

SHA256
1f65276b40dd141a7d38ba9e77b3f97923fc4995d08391a706f26ee6d65437fe

SHA512
421720de39472f46bd579b690adc8b9c09a4423fe2f8d731e3df56b8dbffccc14666c9857c97576cc235e03bb897c2df1ac6dbe93353b7a42802de0432f34cee

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads