217f1933a34558422f7df30ef6f030e044215846eb91ebed1fa0113b23db8fa1

General

Target

48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
Size

134KB
MD5

48fe4392584ad4f413a3a2d619c9e8f0
SHA1

683f4cac0e36b6b79127066c2101e8b0d6c74680
SHA256

217f1933a34558422f7df30ef6f030e044215846eb91ebed1fa0113b23db8fa1
SHA512

41f3aff7c96771af349277c57b6855475f8b1a455400541af47e2c439ef6c394bd43b0197bb923242601fa58f270be9f1fefda94ac79c1a5ea3e5d8973ab110e
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXB85c5cfYf7WI:/7ZQpApUsKiX26rWI

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (512) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\Common.fxh.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsdt.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\COPYRIGHT.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2008

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
134KB

MD5
4c7f99684e81ebf4e00f83fb7b6534de

SHA1
adda15441db0d6bd67af7c1a44c7103688815843

SHA256
94bf363d47deb3c179114dcf207aa8d3fe4f9fd90f9a54eb2ae88c479838e166

SHA512
e267998c31f79906d7c97e5ac3d6ba8cef6c3de95c1f9cf1f90163696f08951d2e9f7fc7b64c5798a7ae0c537f0dba1303f79e3691f5c2c423f336f08bb0c2b0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
143KB

MD5
2c400504c6e21cc6da8232f4b0f54766

SHA1
1e043bc56cb2f4b0ce377d3da6050458df270a12

SHA256
6893d1b395a5bc0356f0339b81e53583fc54468162b2727a46d1557581aa8188

SHA512
d9eb11b4637c77390b9f5f6f34bf4e3eab3231cb53dfc5eb16b7f399c9efb1c2584de63ada457bdda7ab7ede0dfb034605c7a14ee05b892b4b19ead7cd87c5bd

Download Submit
memory/2008-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2008-68-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads