3a8760032cf73b3ff0e5738e3f85461349b8d71eebc0d961b51fb1674c2bd37d

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-05-2024 10:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
Size

93KB
MD5

d9f201e341acbda67639d16e9976b880
SHA1

7c5f5cec8f4e36d3ca7a9f9064f79e740426cea2
SHA256

3a8760032cf73b3ff0e5738e3f85461349b8d71eebc0d961b51fb1674c2bd37d
SHA512

10a781778cc2f772cd8e20913c3c31c3789e9643022191bab67c322f195b4c7edf6750556bb771e25f6bba153373d2a950ce6a7f1b20615ffce3988056848d93
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKP76PDr:6rWpcOPxPke+e3fFpsJOfFpsJbgEODr

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (576) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java_crw_demo.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\t2k.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\jaccess.jar.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\he.pak.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\Timeline.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2iexp.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\npjp2.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
93KB

MD5
ac4b0558cc2a34e0bd58d4b8ece5c6af

SHA1
26cbbcce3d5edfbac5686acb6bcf94d4e8a386c8

SHA256
21ef4720e009f19ebec02f152ed4b1f3bda00a616a0f924a5b416630b13fce43

SHA512
015f13fd40f4c9a25a405ea7a3d06bd8a5914b6c306bc8cbfc2a75bf7e17ee2cae034af9cad466308d0f754bca2bec473a33c73522d01fb2116733c753bc33b5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
102KB

MD5
99664520501a7ca5fbba1b0615ca7b2d

SHA1
36295cbc121f386718051c734c48d74138f8cfbc

SHA256
9a1ea152149854fb7f0d2e95374e3de79b77f1d199180382a3d74ac171767c6b

SHA512
8c5d155b05493ebf6c3cb827393ce6ba672f6534980d2b37becf0ff6ddd3ef8ae03457bec04963e1376939f5052853794d1f434e7aefec82173320931a1479e3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads