43c073760c129051ee96ebe4fe4494bcd8b005db41dbad6845f51ff904766954

General

Target

4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
Size

75KB
MD5

4413e8d2ca82935653c7248ba2e8ab50
SHA1

5ba87e5b7e074f184619609358b4e38e3cb6dec5
SHA256

43c073760c129051ee96ebe4fe4494bcd8b005db41dbad6845f51ff904766954
SHA512

c337192b1aa4fe5f3131e61a9e7b0f4ab9891dc387357757e74e20469b5695e2a6e0b2df66875f666aea61e362960acda784c3f16ee97990b657639a4e555029
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhG:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsb

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3494) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\settings.html.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Saipan.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\postSigningData.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf_1.1.0.v20140408-1354.jar.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Eirunepe.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Gaza.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\calendar.css.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_settings.png.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.registry_1.1.300.v20130402-1529.jar.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-oql.xml.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Ushuaia.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\ReachFramework.resources.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.ServiceModel.Resources.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\vlc.mo.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\masterix.gif.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Managua.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Design.Resources.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\cmm\GRAY.pf.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_ja.jar.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-execution.xml.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_bkg.png.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\sa-jdi.jar.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_rainy.png.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.xml.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\BHOINTL.DLL.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.properties.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Abidjan.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\More Games\fr-FR\MoreGames.dll.mui.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2988

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp
Filesize
75KB

MD5
247646485517074c7b5b239d27211a87

SHA1
c1a6ffac275adb75fac4d4f49f3a24116399122e

SHA256
bd2b1e7dbcdd43c72041dde5a816c7062899f88a00cd438111813a6ba1af7a0f

SHA512
f23af5c9e69f2d5f51577b0c53aa11affd5cd2a842d644abebe09dc20a95ecad1d7e6bec2ed296c73abb1b82217d718bdaad9a2b5f8dcd0f6a0b79abc5ee05b6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
84KB

MD5
f36f2952c3688ff519ac5aee9b7df2f6

SHA1
1bffa0352d3754e495824014fbfe7bc463f80144

SHA256
ecb65d3d8d99a2ee7511e51534ed21620da4671b2fd849ee36cd8b0eb66f20ac

SHA512
c8a39130f371c613fab6dbdc71358b9d46e423d37f16f56f9f3c50667f7d874d1b45e4d710a41d27c4c330ff3808d87d7092545aee46b3e99c23bf6c3f97b2b7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads