f0120d5e151b65a74ce284708d60e04586b18a2e21b5fea337b459fd88837d23

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 19:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
Size

99KB
MD5

1bf364e88a9ad56f4335344eae281330
SHA1

83396adf7d69fee53281b6340c6ce1b28fd05991
SHA256

f0120d5e151b65a74ce284708d60e04586b18a2e21b5fea337b459fd88837d23
SHA512

c34e4f7762966df71ff97dda37fa995885e6c9a121590a5399f1f21100258b01b1483cb1dd1b1f676976ce1998693db86aaa6c659ffb1a6afd15f5039b2131e5
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZOfFpsJOfFpsJagx:RqKvb0CYJ973e+eKZ6gx

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (577) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\decora-sse.dll.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv.tmp	1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1bf364e88a9ad56f4335344eae281330_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
99KB

MD5
217f084979061dc296d165ad8535eb05

SHA1
ef25c432d245ffcddd8cf8479488b694b76ccc85

SHA256
2e14a07670bb5984fdd457ebc8c8204f1ea1fe39a701653e6589d4b9d760a865

SHA512
1f10b9b8b96f1655441944ce3e5e77e05a2a49f112c946598068dbf6d4f85413c118d24cf381b5905f4011bc996663a81737dd68c823a3c4cf8cb35c5ebbdec9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
108KB

MD5
4952a93700df31632eca5e1be72a25c9

SHA1
0128fe3ed4f6b24896ab13b1f59014a3d03f9d00

SHA256
0188d970e5c93ad12919ff7edeac2ac4208c144fdedf8677a54006f261c961da

SHA512
2221c3502d7cd85a003d7f2c45a1fd8b1dfac7a5f8f32c5abbe7f2461de081ca4890cccbf9aaaed8f71b855fc544bbeaad52e88f3f2d03cef1d4bf89f99bea38

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads