c690479a2326e093ee405966d4ce50a8764040cb2116665e35229623183cb1cd

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
12/06/2024, 07:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
Size

46KB
MD5

288178afa65c76cd93c809b8171b6610
SHA1

4f115a122ca24fe126ffed5f3b5dfe72e0d1541c
SHA256

c690479a2326e093ee405966d4ce50a8764040cb2116665e35229623183cb1cd
SHA512

e02ffb79cd3e94ae9320c9f51773e6290ee721d2ed2dff17320b792860df7ab2c834e2ce876a338360e7a1a8ecada9cc0808d96d3683f334dc368d0f394d4d02
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrP+e8ccT+e8cc/:W7BlpppARFbhWJc+e8ccT+e8cc/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (746) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\logging.properties.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\Timeline_is.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_fr.properties.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\InvokePublish.mpeg.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.bfc.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\profile.jfc.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

Filesize
47KB

MD5
faee70f82f4f334bc422b97e37a42617

SHA1
bb33240038560c4d334c0c2c2853896a1bb31bb0

SHA256
69788614f2039a12868169b5b224c2ea00dd610fb7844bcaa9e117f5f59bfad1

SHA512
aa6d5623fa26be3ec590b958c916155166b3519f3bbb4a03a6097286c502d63bfa036812475990515d9993c7145136f10bd54a7c88e82cd9e8b8ced6d508560e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
56KB

MD5
48699294adfbae7a317ed2ef8d3c908f

SHA1
3d7e4d316207627db8f88914ee9b23dce474ec97

SHA256
bc97af975efb7337a7d1d1e9727c78c06517237e503d9ea9ef998d81a77f31ba

SHA512
cadd2833ef6ec437285fd24d57fc83d7fce468eb4797106a2a68c1d96a1620bb8e108168be6de240cbcd16f04efb91bf723e20754e8ee58ef99eb2eb5aa33d0f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads