b6404d9f871fd060e66540f3cddb1dc0b75554b2cf8994d3b52c78a915382f59

General

Target

406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
Size

72KB
MD5

406a1ae5bd7b70a5f6f681646625c060
SHA1

71f67b378505b76e070c472d9dc1739f309a7863
SHA256

b6404d9f871fd060e66540f3cddb1dc0b75554b2cf8994d3b52c78a915382f59
SHA512

6fbb50f8b7389037d1bf2da9ac4fac0f7bce42eb129da9c7702fa97c801d7a57edb42b9cfc0e265ce91afa14c3abf04ba5436c84c9a276aed35315729c19a1a8
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E6DGsTdc6e6kvNDck7Tdc6e6kvNDckkvVv/U+:69WpQEoTdc6e6kvNDck7Tdc6e6kvNDcJ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (660) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JdbcOdbc.dll.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\pdmproxy100.dll.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\406a1ae5bd7b70a5f6f681646625c060_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2988

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
72KB

MD5
bc3f91ca21b98c41a00c0ea6749c6f97

SHA1
a4f379a25be6ae5287d47617a5a80c61e94ba255

SHA256
495ad8ca4c5b81a070501eefd9fb187e726a86ed4f6939f2de7dbd6ee03aab1a

SHA512
ca11ab665c750d01c134a3c8ca2bb6db0304cb98bdc7135b57ac55ba2d614e5c8b72f404f83488be748bef85b69130f60c3518d62e63327f257a0eee7c71014f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
81KB

MD5
72aad4a074b95ab77e476cfaaeca8498

SHA1
4dcae699d9d47840b4d7543ed47bf32dca83e8ff

SHA256
a77c111e5e5f53a24ddb5fb099caec0182d81513c5bd4661ff96fce14c23abf4

SHA512
a78f8aa25f5067a046f944a42df9cd67eb2b31ba6919e32de6b01141431775ccb60e745720369c7e6577520b01c1f2adaa3119ee91fb484aebde9eca49e6c447

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads