115d791570ab009445bc65bcc0192f3f8fdc3dd65956421b771bf0159ac33d69

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 22:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
Size

120KB
MD5

3484c6bca400e0cb75faff45c548a370
SHA1

2dc716c93df7ec5c38b320754be2f1f42440947a
SHA256

115d791570ab009445bc65bcc0192f3f8fdc3dd65956421b771bf0159ac33d69
SHA512

70d5ec8ced982d9f7176838c87497562780b6317ca806c3f2091600ccfce1ba06d3ad4d2e20201f64cca90d77b8d01958bb075fba6bc8c339073c01801230ea4
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVzp:RqlIyFESWu0SWuGSwxO

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (329) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
120KB

MD5
d43b7fad4bc185f237f6993664d07cb8

SHA1
9c59f111985cb1a57c4911ec659a2df751b2e193

SHA256
db51a4a656787952ba36c6b048283261bfa4d986b9c69a2de7d2e93ed02b068f

SHA512
0ee35149a0d42274a0291e3db571c42a8db94b5aabd5f7f74256d33e27edafcc120c40a0e995bf13f437209a974abf578f415dae2a7ab62b6ba10925262c223b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
129KB

MD5
35e11e4d02bdb79643b11c368c530651

SHA1
244d836304215afbc2ed09049fc68bd1505f4226

SHA256
007ae57176a9e9bb4097d63aab4d41a8d1a13bdf8fd7c5e5500a9117c18a4317

SHA512
04b69a33fe361d76825533c6890a4c40c5e5af41889183ce41f720cf459d49aa3376f0e8236b8e09b78764d8188e2d4a7d66327e524303a56bebe080a3f8daa2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads