4567b7288a1415dbedc5e8f0202113960e3b0f2bc044de82c4457e193fdf8561

Analysis

max time kernel
68s
max time network
130s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
07/06/2024, 12:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
Size

40KB
MD5

59dc21a520480ba66ee1c80c9251e6e0
SHA1

b577be81e159c99260c2dfb6ce97aca547ddaf4f
SHA256

4567b7288a1415dbedc5e8f0202113960e3b0f2bc044de82c4457e193fdf8561
SHA512

bea139f268b3e8569440b7c734ca36a9090ee0b24aee227c0d304620de349a39ef6ca50c8bfa0042bcf0fce8d3d86a562f4cedfbc6a9d5d1db6253ffe8d47c27
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKru:W7BlpppARFbhWJ3

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1050) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_sv.properties.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\logging.properties.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\Timeline.cpu.xml.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Iqaluit.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Samarkand.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtau.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Choibalsan.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Minsk.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfr.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

Filesize
41KB

MD5
d9bd55a3c4955bd988799591f8a0fd96

SHA1
53e9fdc9be37d81399524b70f1726322d4cb05f4

SHA256
dcdd89e0616bfc6ef567041638fb2f907ff28bc37f4b17ef6ccc497a823f3c65

SHA512
cca0f486d745d45a41466cda15b04c6ad737598f62b5b5aa81a1baefdf89c70e26344230833dc5c0d6e7fd0e849b63ce90dc29ab92f4f31fc528f61815987a68

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
50KB

MD5
e3c86159310846ebdc76d1e2932c1f10

SHA1
3404af43d3c40058c2f74513f509c207b7e86100

SHA256
d70e114745e9ba0cabf587a10b55a8d0eb8a95260e43264b958dbb0f6ff59c50

SHA512
865f933881473b8e7ba59382aee12880943aa5288482c6d3604d1834cfb71f9df4b9e4bfd4484fc49758f049316b1bcbf3002032a1d2e28590d0c6ae4d6dc60d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads