c796a0d88e005d9f46662cbde414123888c2eee4d10d09ff63f5c4143caab3dd

General

Target

3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
Size

82KB
MD5

3f2bf6a98e74630b2d70137649196c10
SHA1

e0fde03fc43dad182fa71e2fffb3680a6c016043
SHA256

c796a0d88e005d9f46662cbde414123888c2eee4d10d09ff63f5c4143caab3dd
SHA512

e36662c4be027a602cc5ef2859b76dafebe29d76730295bee05bf654f45fd1119391cafc64eff3967e2c68025b4e8a53ddc544d4736e7e6091556364f75d9b1a
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/6lD3q5qr:6e7WpMaxeb0CYJ97lEYNR73e+eKZaDay

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (854) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Iqaluit.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Taipei.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\iedvtool.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yerevan.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.jar.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sao_Paulo.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dubai.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JdbcOdbc.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Martinique.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\dnsns.jar.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2188

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
82KB

MD5
2c83ec548e4115eb281ea0d035b246e9

SHA1
7916d15cfecfb2685dd1d8a321f0cbe5fce2b711

SHA256
227e361b81bbe4b63a29bb89c66827206ebaa205492ccf376a18acf1e5e80bed

SHA512
c0726e2ad0447139050dcefefe563ca06ed6393cc8aba9932ffdcf87701e1fd43abe7ac160f45130b74711c1b5b10071c5e3b68455696a707dfb4c833b185a65

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
91KB

MD5
95180450b4eaecdf8d78fe92bf1c62ea

SHA1
9fa756bb2efc4a83ed6d47b59521dc297673081d

SHA256
38f898dd076b553b05ce8449d50bc479e6885c5d539fe7bbdfc28dfb81fd7669

SHA512
5ba9ff925df9dba8b6044dfa32ea516124e5fd13268644eea8705bdc5253bb005c9dde633df4fcd0f4f5f1e14b5de7e887105198cf5325e0c396c0612e31e7de

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads