33808fbb0f03ef1ddbde4fbc63e6661e54ce88ba5989e31f408aedb2f1cad98e

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 04:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
Size

70KB
MD5

6a3ac7fc4a4fce8db1871e3b9ea23ae0
SHA1

9b614f2ecaf5db03e82a0688742df16cd80c1c26
SHA256

33808fbb0f03ef1ddbde4fbc63e6661e54ce88ba5989e31f408aedb2f1cad98e
SHA512

9d53c7375b8295d8bd6a909decc0915f6d9461d0e47ae640763f1de980d394bed8ff7c0deba46f6991112b16895af2395b0c42165e9d679cc9c378df7516641c
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJX66Fl3Cv:W7ZDpApYbWjIlE77ufL2e+e16al3Cv

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (690) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boa_Vista.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\decora-sse.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tripoli.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr.jar.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Ushuaia.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\F12.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
70KB

MD5
d2d47aa98e0160e784bafeb78b502e07

SHA1
2a3b4fa038d38f029329de1fdd9ffca21e89af49

SHA256
4966a2aad34057635defbaa176756a61fc674e1f8a82e5fb001360588d662234

SHA512
0f51ce3d168c66c5c2fafa27f7ac7d92c93b1c7824dd9108077d15625c78e1bc9ec5c78c651bc12d9bbc8d7c20005c67e19589b4e4e6629615be90534a798c3d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
79KB

MD5
0db0b4fa088b193a008ae1e3c26ffff0

SHA1
437a0cee0149d684b34afedc1d8c99b64bed21e2

SHA256
dcb471f882884d39d81e7249f8b7b3dd46651086649830ced9cf28c84cac40f8

SHA512
12fad7929cf591b5a7c61f0281521725e1dcd86b676a628904adad83112e6411a21ae8ba720d2dd3f49ac82e07b90798725f3306636f19576b9d9f280ad68a4b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads