b2ee8d5df297ddaf8edeb634f2aeb724aa17d5574e098fd700402f204495ca91

General

Target

4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
Size

94KB
MD5

4e0835d0804f461490502fafceb607b0
SHA1

600657d8b8bd44636131d092cdbc0609c50c0d05
SHA256

b2ee8d5df297ddaf8edeb634f2aeb724aa17d5574e098fd700402f204495ca91
SHA512

7421d8d532e44f64d0cc026a023ead987dc98a7c3c1a2ede1825ab4dc8cec3212c08e1c102cccad103f4d28dff85d5c6f83133f0f4737ce8374f940c84d5fdc3
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNe0A0D:6rWpcOPxPke+e3fFpsJOfFpsJbgEU0A0

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (592) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\InvokeComplete.rtf.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\npt.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\soniccolorconverter.ax.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1968

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
94KB

MD5
a25b2d6b84ab72da1fc439681b52f0a0

SHA1
562040345983965cc393932feb559245c1fe0f50

SHA256
8f303d31758b02a6a264b0ce77faa430cbe5c08874528ebe91cd6fdb4e162cf2

SHA512
76eb8e525c81fe6c154121787d3644541767e703ba31d46946d606e0e4d851b943d9b5b9ec8b5da808c8d5dfdf65585af3404950d2710d3704a3254e2f405a8d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
103KB

MD5
e7e098a643257c2e0abf4fae6e5e2329

SHA1
6fff43251cb7564f59c6c6a7e9d75819d952939c

SHA256
67d415e66fae7006ab93e13a61f9172ef66835a983de2b0f11f422d3eabbb608

SHA512
62d82d78df5697f4746f14c8632da71361900a43cc598649b0c50f06c34479b124162979b061d6a12fc1171a01f6eddb3f8cc3fa020fc386b489da754fc81882

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads