1cea7c6d522d6d1708455e2bc9a8538643f93dbf9b3ba32e5414eff6cc9e7d4a

Analysis

max time kernel
148s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 12:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
Size

131KB
MD5

b7cd59b7c87e8f8cdeb5e513820bf060
SHA1

f88580014c1279f1c713ff735d7393be2c771112
SHA256

1cea7c6d522d6d1708455e2bc9a8538643f93dbf9b3ba32e5414eff6cc9e7d4a
SHA512

d0488bcc58587edbe1aa4f9cdcd8b8f2fb8703e53708b4cce233da836d2a4ebd4130818e6128f69eb626e1661334c2d1c0b543746e129298568d1d78034a97cd
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXBvjfMfvjfMMfQsblBOG:/7ZQpApUsKiXBvzwvzXJvlwJvlOf

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (522) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\D3DCompiler_47.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\CompareConnect.mpe.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.cpl.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\Timeline.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
131KB

MD5
3c90dad99bbd03c6ba5a23a6e8221cec

SHA1
a34093fbc06bb4e0e90764dcf4b4b7e3cd550877

SHA256
1007cc5c2875394d394e6e9ac5521b875671c86eefacfcf8d80bc8229a1e0a89

SHA512
39693755d920ed7ac75b64c9f39f59e02927dec1ec66b3677bbd725b1f32aea7efcf589b9de6b1ab0a54116cbb885b18995c217781b77b0b740fb7414ced4afa

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
140KB

MD5
d0f528a74577a5842ffb011de5303682

SHA1
e802708b80b93ff6f5cd9d0275b29bc796e18018

SHA256
e6e270a8159578a5f99fa08c848c7abbcf442278dcf77a1d8eb93115d9965c45

SHA512
c9debfec59ff9d09c0578570e56ea5d9642385ad479d381a84f0082ba9c9307286738f6d4645d88c49e34e8ad89f53479bf8b0f97a147b2026ed8c3561b3084e

Download Submit
memory/2224-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2224-68-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads