81714270ef311fa8857c5ed7b6b89d6137a25cfb230ff7b392d9bf4ed646f7ab

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 14:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
Size

50KB
MD5

08a80ed1977d3495fb669e14d3e9a4a0
SHA1

b3b2bd9ace1a59b985161f6161d97ed697a14151
SHA256

81714270ef311fa8857c5ed7b6b89d6137a25cfb230ff7b392d9bf4ed646f7ab
SHA512

0ea2e82aae53e900b0d6f0a3ed6ed6a531d5f6e65579043fa2e8c422b14a60d338d88cd39be6f1fa16ed0de3a5135c7ed17e1ee10a663f3702e9b38f67decf50
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGqMs1MsR5nd5nw:W7ZNLpApCZrt8PWGoPWGANdNw

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (947) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tbilisi.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\FindRepair.odt.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\trusted.libraries.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ceuta.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveAnother.png.tmp	08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\08a80ed1977d3495fb669e14d3e9a4a0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
51KB

MD5
f35a98bcb1d9342022fd06914f51b162

SHA1
05ea08102c6552e279501f8c7eae194503916340

SHA256
c6856c1656bcf76d6f7bdfe53663a571b50df07c92f89fdf40469c1105d15209

SHA512
507b427d353673af3e5f4bd15de50de9a3f1b3f4abd3bde9a81e106db4554f0cb09eb095476debbce8ec2a0be3f4633c87fcee32714ec22ed87fcaf611d2945d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
60KB

MD5
25ecd42684442f1b1320716bbe34728b

SHA1
256f78b3a1e904bc90eb719dba9fa6aba6924ede

SHA256
ad4dfba84a98e0bdad70ae5d5131efb269c709bf3bd0becff16b2d9e36b0ec53

SHA512
966c94080fa04a54a0bda5cde0591803e49a8b2bee8035e0e57f725b8a908d5540d1f00d6d9c18bb33aec410bf849f17aa16d7b8eb8b361f5ee7575820a3684c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads