010c3c916ba770df72f2870d87bb1381245b4b80add975d049204ddf4bab76f9

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17-05-2024 01:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76af94f605729574d607968004f48990_NeikiAnalytics.exe
Size

77KB
MD5

76af94f605729574d607968004f48990
SHA1

b1e0cbca9a8321157e7037a73459166cec8877b7
SHA256

010c3c916ba770df72f2870d87bb1381245b4b80add975d049204ddf4bab76f9
SHA512

4f0dab74b2a0b4406e9e06bb5adc0c7524484b21d4bef83bd9c544605486b5a7925ad8fdf0a36217c0cd2b7f5cef372a226ab92d092f88ae3be5cb7a7778a400
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7YWtMQQQc:6e7WpMaxeb0CYJ97lEYNR7Zt4

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (751) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JavaAccessBridge-64.dll.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.password.template.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightItalic.ttf.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\sonicsptransform.ax.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Iqaluit.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.bfc.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\meta-index.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Managua.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp	76af94f605729574d607968004f48990_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\76af94f605729574d607968004f48990_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\76af94f605729574d607968004f48990_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
77KB

MD5
404b02fa13c4701518d92e5460de0b5e

SHA1
24d98103165e37825af3607b3cc090a9e385f27a

SHA256
3307b971bd426a90d6f3df5f5cdee95ca99dfe6e69d06e06a7113d44668ebb55

SHA512
46206f8ed509ad0f513c6a7350c6251f4988d34050ff0f4b9278b6a5ea8da41d08d73b6d7f06a76ba1d4783b3a34f127263476421da4912ec147640a5492efe6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
86KB

MD5
de9f59009c29807db3c23eb3679f8021

SHA1
3645906e225f1ff8a213cb964cfe11c7c1b32873

SHA256
648fb8958e4187c724f6e20422a9cb46d2e976f0f0f6b60df62c77e0bc2d8dd8

SHA512
5da69fade14690cffdc4d21e12cf3e6232876c616565101f1964277ef87d8f616f73f31cdff3384230806ac93e31671ebc4b23f6914a23de2cc0776f78269d95

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads