4b83637fbc04effead1bef7d1bee1f39b83dc5b3ea2e67ee2ed4a312b8758a9d

Analysis

max time kernel
149s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 21:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
Size

123KB
MD5

3b75612a727189e8fe480df81700a000
SHA1

641ea736c4174e47b5e93437defdeeeb2c0c04fe
SHA256

4b83637fbc04effead1bef7d1bee1f39b83dc5b3ea2e67ee2ed4a312b8758a9d
SHA512

6393257f6d20ec4d117f83a540598bc3db564a18e3479af449d1e802d4def325325ec240aa5bd6939ebd2c3a73c1554a718f37da682d327996b0bf88132c8624
SSDEEP

1536:W7ZQpApjIZNdNnfFpsJOfFpsJ+n1k1jWk1jbj3:6QWpkzlfFpsJOfFpsJ+n6j7

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (515) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\jsdbgui.dll.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\F12Resources.dll.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\fieldswitch.ax.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp	3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3b75612a727189e8fe480df81700a000_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
123KB

MD5
574b4a04a1ce5b8c9cb09f88e2d58c59

SHA1
9425f5944c5be8278ab7ea153e226a72af5516b5

SHA256
5e9b72fddf86ae44c24d67a966b987d6c0e39172b8062c06cacae43850f9db2a

SHA512
75efa009319b3833e7992335244c5acccac4aa379ce875dcee1f198c30ccbed55554a44bdc3a8df8cba400aa0f0a88bf9c8af253e0210055e54ca1074599e9df

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
132KB

MD5
ceaf04c10581dd6253d32323a757d130

SHA1
1d820b8bf307ef24108ccd520ee50f9934d66380

SHA256
8de5f9222217877c504d103bf02f67e04064dc26cb2cafe78d4f1aab43a4968d

SHA512
837e158f8992a0e1cce359d5787660f666e8e76e1a7b8a5c0a08b2614c413c3bed0bf3debfbb744abbed0950d16f1c66c714604bf7771a28bdb6d5ddfa4c2eb6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads