779a41065ec1215dca996c717ec8d5a781d73c9b6949e194af54d6d10e66d062

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 21:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
Size

101KB
MD5

0335785036f28be18dd698be8c693df0
SHA1

fa15d5a25e6c3577f59567dfc07da426a14b1ac0
SHA256

779a41065ec1215dca996c717ec8d5a781d73c9b6949e194af54d6d10e66d062
SHA512

4548b771030ee6599d17a3caaa99db5ff2a62b37253f85703290bbbf559098575970f74534278e107479fa490911c58df6d100e26fe6041ca23e87d3f7de180c
SSDEEP

3072:6rWpcOPxPke+e3fFpsJOfFpsJbgEmPxP5:tFPxPke+eImPxP5

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (679) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_fr.properties.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.dll.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belize.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JdbcOdbc.dll.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\AddAssert.sql.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0335785036f28be18dd698be8c693df0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
101KB

MD5
1e11410d92a64874b50c3e9a0912affd

SHA1
ff3a9dc9aaa6f4e15bef6ef8785c231f99cf3941

SHA256
2b02c63427bae5565931a8ec206b904702d6b448c831361d034481f85fb9a74a

SHA512
14bfbb6ff2a9c7427b6dfab29a66ee8867beb9dc9a6f24272b19476992bb30dc1d249a9ac0459e6918d3d11f286abceefb846d779ce624b0c03d19c7de2e8b12

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
110KB

MD5
fccf3d0188a818baedfc0b764853e2b1

SHA1
63490ca11c3e9ab0c1ac26725d23bf40847b2ad7

SHA256
fa382dd39840f06e87216e1d16d9de8ab62230813bdb71100b161da5da869bc2

SHA512
beed08777798b524dce43a60cdfa30c8bc9bc3fae1ddb209eb8cffe8910594c1286f52c107b9b388a7ce1b694a1d27b93368b98fa5ea138a4471d1df170162ab

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads