b01d9d9815384e06618cbe1d079a3a09092afc4b84c4f5ccdb32de3b2fffb0fc

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
Size

97KB
MD5

eaf200f10cf8aede175e0fe6e487e5c0
SHA1

b322926a0d9e7d8e279fb028a413e944830e69ac
SHA256

b01d9d9815384e06618cbe1d079a3a09092afc4b84c4f5ccdb32de3b2fffb0fc
SHA512

bed372fc527c2f29b6603052551e0a8dc7c4efaef23207da231c1b16f4aad039d48e100c61d9b94d1c1b55f4a597e3d98149806e301262fa547883019cd39453
SSDEEP

3072:6rWpcOPxPke+e3fFpsJOfFpsJbgEbThyD:tFPxPke+eIZyD

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (531) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\7z.exe.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sawindbg.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\jvm.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
98KB

MD5
d4e7eb00f8e1b8e8bbd6f1b317547853

SHA1
7766467c3e427db5e8fd5cddb2ebce3fb66e62c4

SHA256
8932d6df62831f27c5909f8ffde97d935895d39d7f8a87cc19b4faced98f8975

SHA512
0e5f397a3989905b58355b479dc3d69f60868a7e9819c3f781053569d844f4e7af1efb9dc658909039bcce90d240baebcdafa9473d69bf3601f50962c1e63dc6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
107KB

MD5
78e9bd8b45c7a31cc54f1ced36b3821c

SHA1
240e7dd85cc9ce83055bd255c4a0b0ad312f3235

SHA256
f135c2bd0a06afb170f66ae7dc3ddac1056d4b4c2c969c3e860be085f29e4363

SHA512
e7bfbf83dced00bdea1820f56e9fb507cf6748761af6cbb3c3ddd505f05b58a8e2d686e27029fb9f0b41d0dde03b6c64f90f4380bded4035b3b2a44190bb7bc0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads