57594be8d7f7e45ec8641c0b54974bdfb011577bff86875e0dfaf22e3641a7a7

Analysis

max time kernel
149s
max time network
124s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
14/06/2024, 05:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
Size

79KB
MD5

a4dc468e4d6a60402e99d175b8bdeb20
SHA1

df33f44ed8d62ee451c4266d2287ffa3cce1c42d
SHA256

57594be8d7f7e45ec8641c0b54974bdfb011577bff86875e0dfaf22e3641a7a7
SHA512

f1e139cb9e3a2be9d5ef51ec2910b7babf180155c0aa116475bc964ef0b2b89be7c7f90b02d5f421db83955088419e7ab79b95ba76cb7d30636ac45fe5e0d113
SSDEEP

1536:W7ZhA7pApvOsOKjC0YSilpFpfkJOM2kJOMIsKsc696xZD:6e7WpXYvnd3

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (596) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JAWTAccessBridge-64.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\PYCC.pf.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\DismountConvertTo.html.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

Filesize
79KB

MD5
90134bf38fa3f9358418c1f4442cd20a

SHA1
b332f90d6b3b38aa2296558d8f5c387879a2ffb7

SHA256
503c6643de6b7163fe0b247ffdb12bcf15f9972d9f627477c520edc30e6a31a7

SHA512
0915f34ee814449cd3a96474199c0789d4eeeb5f37c487cb7b72074cdcd58a5343ab20a661f4ee72b4b67f578eb606eb470add598da8ddcf40e0a70dce785e46

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
88KB

MD5
faf0ca28f5ab0dd19dcd59ff8e5f08ae

SHA1
0a4dd3e80490e7692585913366a98958ddd0284b

SHA256
4d5c5c61cae85b74eff64f0d483b31205d803180a4235742ee4f20ee74d2bd40

SHA512
eb7db550396980b0dba7c19c7bf961eceee3d69879361b603bd33c39e04eee7147cc1a25c2b1416bcbb95fd528c621253fde0801df3538633cd470dee8e8f29b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads