21b3ca6ce363bc3313fa635e9ef1492a80bf072eee2eaf1f3ca4f6d9922a39fc

General

Target

04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
Size

97KB
MD5

04ab3b35f595f0e71e9218230a0fad30
SHA1

2732a9cdc4b91469bd0a22029035a1f2d17b5312
SHA256

21b3ca6ce363bc3313fa635e9ef1492a80bf072eee2eaf1f3ca4f6d9922a39fc
SHA512

466cd14b68efbf814607b5ff23b96566987a9b3460fb647ed0619f983e16c4f9d63f9f0ef11a3739b4724571898eae61481d8bccacf5617ae10244f080720ceb
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNx:6rWpcOPxPke+e3fFpsJOfFpsJbgEP

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (454) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\Common.fxh.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsTap.dll.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\eula.rtf.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\jsdbgui.dll.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp	04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\04ab3b35f595f0e71e9218230a0fad30_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
98KB

MD5
3cfa3dee96a1967abf72c7b1e4b37b67

SHA1
43a0cc3f94239f86066a0eaa68606ddba82339cc

SHA256
1c0d962b074a11b48795e9d3ca4a2d1ca7edf77d23b9859cf99b884e0840ed6b

SHA512
0d0fd963322bb11a2b34026550e8ef668a186aa89692f8ba7d8c2740808d4282ddf9c47d165665867acfa53670475e2070cef4ab79f3d622a498bf23a96ef78c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
106KB

MD5
6d8d5f19b671c86225f95d590ff6fb8b

SHA1
63b4466206b22cbb4f9345bda6e8e19b5513da71

SHA256
57e5db17057046233d7874b22af9e91d93b2da95aa6f93dcda292ec448deced1

SHA512
0d8222ba244cd7eccd864bb5837d38e3abe0f2a1b57a4586262fae2a54b939a5679732f3b6f597f99dc9ae7d178a600b50dd66483b04230bd32694c027f96ccd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads