cbe9c8656fecb5795cf78d71321697a9dc9d7d1e23ccb942ec4560eedbf2693e

Analysis

max time kernel
37s
max time network
124s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
05/06/2024, 13:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
Size

51KB
MD5

562adb02fea34eda5ae94c1097664390
SHA1

0916067192a3ed2e1755354e8ed19bb06cc5d470
SHA256

cbe9c8656fecb5795cf78d71321697a9dc9d7d1e23ccb942ec4560eedbf2693e
SHA512

0b5ab6ec011ddcba19a42e55296bef2a300ccf600a4b32666152f2aab81e2adfb8d47a5a743cbea860fa489521bfe8faa828795d2a788d8372173e0aadb1e769
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGqMs1MsU5nd5nT:W7ZNLpApCZrt8PWGoPWGJNdNT

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (229) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\fieldswitch.ax.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp	562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\562adb02fea34eda5ae94c1097664390_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
51KB

MD5
a389943341c4183efbcd78794dcc089e

SHA1
bf7ec99708bc840dc50f448e5384bbeb2eceaec8

SHA256
c3bdbce25abab098cf361fd49667028b888dfdf4959f03d681a732cf00c7649c

SHA512
6cc03e2f274756e942b1ae8a4343c59e5e8191e39eb0c3c6446ebd6d366ee30463ad1570f1ae5a7b08c579dbf6b3f2222809dd3a98e8cec020f7e222eb62cf33

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
60KB

MD5
aeac5423967820669db72b5dd81a936f

SHA1
21a50e40190fd5f8f14c180eefed3ae425877a1e

SHA256
d906d15c9f584c5d22721192ee4cbdb93f5d1f1278cbb68ceb97ea36f796a833

SHA512
e56a19fd29b456364177ae2586232f591ffcae5c6fa27041a3dc37486c373f1875cfc4fcdbfab1b19481cd823c02723b9be00802c2c860642cf170047b8ca48c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads