c1d79d3c5ccccfea4c1affdda405a1b933b1c9b405d20dc7e419937ae4f11820

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-05-2024 00:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
Size

129KB
MD5

67c184050f0483994a0f56c55947f620
SHA1

145ed2ef1c0c0da06e07bfed93f19a49d6ffbcb5
SHA256

c1d79d3c5ccccfea4c1affdda405a1b933b1c9b405d20dc7e419937ae4f11820
SHA512

a4e9005d19fb64cd2be98674fb414d0f8fd5a8d0aaaa2f93406f7ae5eab494bb0b1c35354303aa465f575861b7c0b867bbdbf185ddad22431f498ff834a2927d
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXBvjfMfvjfMMfQsblBOG:/7ZQpApUsKiXBvzwvzXJvlwJvlE

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (589) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\eula.dll.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp	67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\67c184050f0483994a0f56c55947f620_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
129KB

MD5
b7ecbaf862c14ddda5cc6b788c47dda5

SHA1
bc507f42a56cdd1d0b5c7f428526501baded3b81

SHA256
8551283af624a9845fc4b1a0a9a5e04fb43cfc3c9fe437dd7690d8adc55b937e

SHA512
d69168819cbd8781a19b5c0ba7499a36a81c0a386f3b098c0df427bf2d836bedf240cd1ce5278e93143257f80c74ac353bd0d637affec1126fecc7f037579f68

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
138KB

MD5
3384bd98e231e53dc22145eecfd4d1de

SHA1
5bd36e83775873f9dee66dccd90bcb7599b7fb75

SHA256
f90c75db2fbe1b34312c3eba5bf84f3c0779cf7f06a540d2cba044b3b6b2ab99

SHA512
b5713375e0354c2f8ef5cce0017c5f536926975d26abb471fdc9b085077bd46d67f89cbbcc954ef518afbc5c033b2a320359d7054dd61be0d3dae024e3671118

Download Submit
memory/2744-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2744-68-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads