e3c5e204610a5c7df19ba00a7cd56102d124b99ef77686fb4418f2d38b8665a7

Analysis

max time kernel
68s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-06-2024 23:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
Size

100KB
MD5

172daef9c610cf66a0a9c47329c51d30
SHA1

84ef4b4a6e8510f571d96fe2f23e78798eabae02
SHA256

e3c5e204610a5c7df19ba00a7cd56102d124b99ef77686fb4418f2d38b8665a7
SHA512

c61a9d55d564077243064655382a4cb27347cd74c29a997bb1615825f99eec5888c7c055dc2d059020460b5b89e6121e8f898864f629afa8e3248ba0a9551502
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPN5Blpw:6rWpcOPxPke+e3fFpsJOfFpsJbgEy

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (639) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\EditAssert.aiff.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java_crw_demo.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
100KB

MD5
b07d4289e1378c0fa251cf52f5aec14d

SHA1
0745633727435c2eb848ed99a1d60be29dddd9e6

SHA256
abe01ce3064c4a86ea4c53177aec3884fc23f247a03fda2ab138202eddd96e68

SHA512
9ac483c3ef4a87f4652c790c514ab18ac67d85c9ee33c352d641495ab423b10cb8a5839fc27557c611b88466ddab266faf8fa68164ef2ecb9c29face83614c2c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
109KB

MD5
0502cca7af0d2dd1d71d5ab12ca3f25f

SHA1
764367a6c9924fb40bd3c25e820ca004364123a9

SHA256
abf1dd8ce329753f5a23cece5c5ae27a3378a21f4683b61e86302712c8c6c5c3

SHA512
9d1f6d1ac06e51e34d03d8ae70bf6269dcdea89e08169cf9412afd2cb6cbb8ac3d2273c49dd0bf346b158a818674ca4603f98840586b34c61c2e19652ab25af0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads