dd98f9191dbbe013e6fae2f784075fda78cb8d1ba03976fbfa26feb3e9bdb252

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 09:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
Size

368KB
MD5

d08f2faa2e9cdf8731c08064d7c4a0d0
SHA1

b8794c4ac156dcfd57ea5ebd18afb33a0accd1ed
SHA256

dd98f9191dbbe013e6fae2f784075fda78cb8d1ba03976fbfa26feb3e9bdb252
SHA512

d00ac6e462629cfffc01f0ac9d331b325018dd56af5243a8920cdfcc370617f09d8be895515db12839d0aa0b555157721f587dd36d9d03335ed526ca7d7c106a
SSDEEP

6144:tFPxPke+eIr9RUxfKIuqBcKxNWdp+bkrdHs1lpaSL4vtFVHPyvewDpgsm:3PxPir9RyiIuGcKbpaSL4vtFVHPyvewO

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (268) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d08f2faa2e9cdf8731c08064d7c4a0d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
368KB

MD5
e3b07aee7a39eaa190cb2a9529a27417

SHA1
51f7860e3c1f08d2345a8564b52e08cc93467d12

SHA256
de139b6266301bd3643cbb55dd71f63050222e606f9bc5320764e12f7ae335c6

SHA512
e593a9fa46fa0ac3b57a223b79e172fa273bf4cbad8479e44c28c78c376fdb484f28cb868f47b5b075c88ecc42d46cb0284a7d5ffeffb7f4fc7f797fb6eb3898

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
377KB

MD5
a37cd619d9fb86122b4a560bcdc9c705

SHA1
a747f1d76e07f587cb7c58bd93d77609edbf2090

SHA256
842682934e00af7bfeebd256db6ede56cf19c184eb2b48f2cdb9a723b4e4cebc

SHA512
aba70c96b67939fc60e0828ba16714dd3640d0555c4fe74d937b7e478e7314bbebe18c2c5e533b538472ee0214c41a75b827e5b036f3009910bc626550e9b2e4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads