b1d05e1c257b00fa4209f9f0494f0f2fad05f5abbdfa9ade74e2d58efec3ad0e

Analysis

max time kernel
131s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/06/2024, 01:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
Size

129KB
MD5

1f087f909daa8b0f4d06925a23f830e0
SHA1

a376ff30f87699b089c974b6058da854053bc2a5
SHA256

b1d05e1c257b00fa4209f9f0494f0f2fad05f5abbdfa9ade74e2d58efec3ad0e
SHA512

e250d9e6344283e58e47426b5462923e7db2da1e4a15bb2409e34ad1e55106115946b9ead4d89dd51b079dff58e7884d5445be882394904c03d9da60f0285c41
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVze:RqlIyFESWu0SWuGSwxR

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (333) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\DirectDB.dll.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\D3DCompiler_47.dll.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp	1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1f087f909daa8b0f4d06925a23f830e0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
129KB

MD5
661163d1538972165fe144a02ab66761

SHA1
6777a8ec546b109167233bc441b51bb362516203

SHA256
bd81d507ecd3101fb05db588c2c64f0d131a4e8ea5a5b209839e0d2fe653f193

SHA512
33091f9acad7f83c9365444d10d24a768b71fa46f4349804fe44244b933802b4b6cf2ad484c22c1c1898e5dab0e0d00a7ee430edb6a661a5b28aa304ef8662c5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
138KB

MD5
4da1e3432845a7c6e3b21c264f2d203d

SHA1
e25cd6752a98262b0b07f09d3868327936f4e439

SHA256
cbbbb2186132c8d005dd0324a08c6ede0637079bdc47a3498237bb8e492bba40

SHA512
b6408ef353b27bcee217c475f40d158d28c4a36313c683fb5d97451af074d0fd423ace73917274ce2dc3e7064d8983caf17af4e68a4d78c1a51f2d6ad5e83402

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads