d2d630acff3c0ceb5b2dc30b07d77d8354145b427ab9721715a15b59ca8bbe5d

Analysis

max time kernel
151s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
Size

84KB
MD5

16ef00f43e6b8b3f895a30c06ed120c0
SHA1

73e5d13f4159a4fcd1c7a6a75f0616c683c1567d
SHA256

d2d630acff3c0ceb5b2dc30b07d77d8354145b427ab9721715a15b59ca8bbe5d
SHA512

928dac54c09e9d59bc46b36327af08acfe8f197f7d426ff394a9838dfbbf2aac94d9711ee49266dde0e650334f821fe0a1f27d33a011b7575a0c631567606905
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaqMs1MsD/WGy0OufxPGSxPGJw5c5ZWfdJWfdpMs5MsY:W7ZDpApYbWjnWf05PG0PG26f0J0A

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (329) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp	16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\16ef00f43e6b8b3f895a30c06ed120c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
85KB

MD5
a02aa18f465a4d867a0e93101c486b2d

SHA1
5970b6339feb2566a5a18d09f4b6f4cc9f9babe2

SHA256
c79f52100ac52628bdd31ddbdfb14528f72da3546a02ec27b6fde48a35e23f3c

SHA512
60aa64c41fe393abcad4c1e1bffe11f75ad44b917e42e4b6d7941a17fa8231bd97b5714edd2b108174f74defb6d5a2c3988f47aec64394b2083a550f1a284c59

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
94KB

MD5
fa1f30fd8aacfa80dd73fc48c42b00d4

SHA1
40cba60aaf31370dcea48998a6ed933013c83f7b

SHA256
86daf6a7ec284d1b3483f4a7b3f443741b29addf02ae77ef42aea04b92c8c361

SHA512
97691121b4f8fef15e8d2f6b434b110cacc3e7269b97c613b89eacb153d68ee3dc3b94368eece963966da49b75c12f7aef5739e52c91b78b311cbc003ca303f4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads