5398d553e38812a9467157a6327d848d2bee1fe70d4107bd3dd7640911540a8e

Analysis

max time kernel
148s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02/06/2024, 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
Size

91KB
MD5

1bf78f90c23c161486e5004133e52980
SHA1

53cca9347ea6feb2e5ffa2b252dd709ef085d008
SHA256

5398d553e38812a9467157a6327d848d2bee1fe70d4107bd3dd7640911540a8e
SHA512

c64e06e72089ff8fd7f7b14282958287b9f756a98d14cd791ef50556c9ae5f8197eada36787081001b8c9de55dd90d80644121a6dcd6e968ce827bf2527e8765
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/T:6e7WpMaxeb0CYJ97lEYNR73e+eKZT

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (517) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JdbcOdbc.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\F12Resources.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
91KB

MD5
16e61f2118c1762b69d76fe3a2eff4d4

SHA1
f272451ecfa70b99e1b59c3e73eb30de3d31862c

SHA256
016ae20c6960656a0012a137fe7ad76b7dbcbd189121d9f3fe7956bc79d82056

SHA512
1f596fc7c554dc8b996b74548712b693a71ccda3745a467240fcbe45416bdfce09364cb72d9a97c369c9dca49a9af70e10cb0b5d1a01d7c5c2d6c935db326433

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
100KB

MD5
dc3a7bf15a8de7953c027658c796b66a

SHA1
49bcd67d39159dba169002a46c325fbcfb4ea464

SHA256
c49dba6d69d19c8dae9d5748d1a9ff881912e68e040a713b250897b57d695536

SHA512
17dc454661d133a2c38640705dc7a2821da99b9eef75d457e67f0494325a7229d1dba22e28ab3bd540dcaf493ef7a434be2ba2ca9575039783b071919e1c1bc8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads