f27db296cb77bf592024bd0c2c7a8d405d86d90cacb63510d1a25a3b670acef9

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07-06-2024 09:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
Size

51KB
MD5

49f071820727c04af124479e25a302a0
SHA1

15475cf0518513235a134e3771baa1a4e411c367
SHA256

f27db296cb77bf592024bd0c2c7a8d405d86d90cacb63510d1a25a3b670acef9
SHA512

b0cd9ca781f6db51a657da6824d992b0c8c55bca44d45056086920ed4a355fddc11160330a185a2eb188ae680ca2185c8aa14ab8220bd9c5bcf0fbd0b91e4413
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGqMs1MsC:W7ZNLpApCZrt8PWGoPWG1

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1259) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\verify.dll.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\it-IT\WMM2CLIP.dll.mui.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rankin_Inlet.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.ja_5.5.0.165303.jar.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\DirectDB.dll.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Phoenix.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Athens.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\ConvertFromFind.docx.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	49f071820727c04af124479e25a302a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\49f071820727c04af124479e25a302a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\49f071820727c04af124479e25a302a0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
51KB

MD5
51f9325954fdce94580b962a39f0048d

SHA1
912877a514397e1207cb25ebf9980bc7c5abd5a2

SHA256
a72fb50705cee8256a27112dca63688f9d633a0b6722ebed114eea7151b39b0c

SHA512
86745f36a7d9c789c7277b05b5f63646b76ea19db5147065f0c53edddc6796a7d3ae6883c9a0bd31dd5604532c4127034637deb68b1342d1b040449063ff43b2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
60KB

MD5
616b3c7c454ce7520499ae6444e9ff1e

SHA1
18a4ba4363352cb092111928b81a25cee6b78b4e

SHA256
d52b8ef319e5ca3b57960a0f6b0e13e7aa9a964d13e451356e0ef8d5ee922338

SHA512
22c3df4d97e3bda1cac02833f5c609d10fb1927e5e4b42b8cb9bf6663ec2d8c41136e13fdd78b03dfcf00a11f06df560b9d0f1ec0c543e4ff6b6a3bcc3e3daed

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads