553b33af47e74c7e01a0307bc03e46115439a27783998a1ddd7d0d50dab2d90b

General

Target

0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
Size

80KB
MD5

0ddefb8b72b325f5f51e7714beb8b590
SHA1

0b29fbdaba346e0b4bae7e1c1d3b9bcee3b6096d
SHA256

553b33af47e74c7e01a0307bc03e46115439a27783998a1ddd7d0d50dab2d90b
SHA512

6fa12cd8881180104ab6f0b696b6af50a981ac1f0d07546576641615fd9a56ddcb7b335cbeea8e7f110dd7d08574ea99e8e050dafb30f2aa5f73ea1103789a10
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhs:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsx

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (677) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\instrument.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\InstallFind.bmp.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\handsafe.reg.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kcms.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0ddefb8b72b325f5f51e7714beb8b590_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2240

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
80KB

MD5
5dbecf87e78f2be9cee0003a65588965

SHA1
e43c119652162949d862059485493d244e685db3

SHA256
e25e558b5bf530c8d8ef9e19812d63bb0d496c3750d334aefb0e9271170e198e

SHA512
783d507ff346008b83a5cbde58d91b69992b3226e627c3449b496b2a69d65139fc1c5a414a421044f83a54568b9355404252a067845e69dd3e9b5899c5fb9e42

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
89KB

MD5
17f11bcc13c425d8f06907e994264758

SHA1
61883b20182f15133bae519353828e181f3390f7

SHA256
8c6e716728d086f6f175d22d80b6bb63e5f2a5ca98d04ea1f9b699ac2b0741fe

SHA512
913cfc1bc2e706cb0e78d84da58ea6a871f59ca297d097509121d2ddefd9579c3045abdf72b2c7cb8e863167a868fa00ce1353250415f2e94010df84a9651099

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads