be289b4beb5ce5f4f94b2cac800a9c2f98370d90153d64d07b858a251fe97c25

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
12-06-2024 10:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
Size

81KB
MD5

32315afbddc1d765d866de9d2d18b8f0
SHA1

b9e475104859a114d4647209714a07b3e95a05df
SHA256

be289b4beb5ce5f4f94b2cac800a9c2f98370d90153d64d07b858a251fe97c25
SHA512

2d304cc6bf87a3280cb84ed4b28dce2677d6801680554ef7cf346126b26abd747129f30eb794077093b2ecdbaa881fafca70b4deb73c63fd0828fa570ab6542d
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhG:6pWpUFpEhLfyBtPf50FWkFpPDze/qFs7

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1024) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Paris.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Uzhgorod.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Rothera.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_fr.properties.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thule.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Samarkand.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Norfolk.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\desktop.ini.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+7.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Madrid.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Martinique.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EET.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

Filesize
82KB

MD5
64042d1ae1501f163ffe04ec511b3382

SHA1
50348c84a1ebc2d87bb826e21e8b358a8a93d7c3

SHA256
4e9d9d95ae17acdc1d40f13df3ec8eecf3b498b683707d35f34e5cc2dd5a0550

SHA512
94f8d7b141a99d9a914e1b286a0315dca1792a9dccb9dfa176eaed69905f176ac4651bd346cf63adf9354c5e37d554f114b697b1c9cac46f1be487b029d18c4f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
91KB

MD5
aad4ecded6de6f2c1dd075bedd25775a

SHA1
0382dbdbacddf9e64b1238cd7d6930fb18c41d88

SHA256
648f8f323e6afb2015c268e924d016d3b0932f957de72c506e034672bea4d778

SHA512
07f2f0c01ff46b98a3595469b36f976a7ce59517ec4ffcd60d5de495ffa1f0a02ee1c7680b157ed3f4b6070ceeb3c0d9df754d3e39df6d9d4495fd53f97e9342

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads