8247c3a10eaa8cc0f741f20f9e5a41d7d673e236cd8957f97100bcc07d81c612

General

Target

4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
Size

76KB
MD5

4d0dc90257ecca00906452389ceb0dd0
SHA1

c06e1a7ac1809254a11c3353eb6a3aec03ad2108
SHA256

8247c3a10eaa8cc0f741f20f9e5a41d7d673e236cd8957f97100bcc07d81c612
SHA512

8565e85c304c2d61e2d22a3296409506619b93c6ac93a1e3ab51fd4022cdc5091637fa580c1b7bdc2721056c2f3f6c0e403d29da08c790f2a380d5883a833749
SSDEEP

192:tACUADIY0Br5xjL/FAgAQmP1oynLb22v29HWvHWY7GG7Glt1O:GBt7Br5xjL9AgA71FbhvoBlW

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (889) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfxrt.jar.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\logging.properties.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh88.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guatemala.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\pdm.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\DebugAdd.docx.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Rothera.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\he.pak.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Merida.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\rtstreamsink.ax.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_shmem.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\splash.gif.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jvm.hprof.txt.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1500

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
77KB

MD5
31d7950e76622d1b295edcfda98b649e

SHA1
98b7bd91ed2b006575f1255e922068ba7195bd9f

SHA256
d9dc12b3d7d3c197d2d5ca6e2ef8dad601fbffd429ebb3f05c011a31e3778173

SHA512
70e77578522a464e1943ec79a7d6dc458c0e909e14370503730cf121b18872db65874dc54ec113af28e73bf03e99fc490dda8321bd1601421bd9b0a5ba1448fd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
85KB

MD5
fa259ddafb450781eb47b2b2b68c9b70

SHA1
f41d4d6cfb6f02f70cdfd55740561362c031cb1b

SHA256
542bad337773d09350d45512d0c6bd8ab28bf3b198c9b8602d8f220e53f570df

SHA512
365d4b0d5e85b0885d00bf89759606505f2cb2e5d7bccac0f5383577717eb3d93f66b96bfcbcf395548bcddcb6559eaf800f68a93f40a5c19cf97da958474640

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads