433d9471d164433aecb85c61e35862832641d9a914221195ef2a9d51764b8e8a

General

Target

7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
Size

93KB
MD5

7690a8109fd6ea316ce8833953a938d0
SHA1

96237d110f70da15e389e8b55fd7fc7a908cedc9
SHA256

433d9471d164433aecb85c61e35862832641d9a914221195ef2a9d51764b8e8a
SHA512

8378c550b89fee6e1d5200dfca794569e3a698fb30b11bde0f1232471021158c860795470acab51b7ee4a0c3dbd02a51e854b915c40c9628f9c31c905abeab45
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNzyOoyOo:6rWpcOPxPke+e3fFpsJOfFpsJbgExEo

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (508) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\net.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\prism-d3d.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\F12Resources.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1548

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
94KB

MD5
80589cd08a36c03799e8c6106e9b2dca

SHA1
eeef50bec3a17a8aee94569494312d7fb843259d

SHA256
b10af821d2491fb1e4def1c20481ba2c8ed8218fad4ef2cf30f15a904efe7d36

SHA512
366c3a70c66f7a89e2b56653802b389dff308ac04b5ef9444391da67b5542a62795c34c750abb86e116b5dc31f420575d5830e3082eb7104df6051b15d39f264

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
103KB

MD5
f4ab4368f305ef9d82b945c0349c4327

SHA1
b3d2a04a6fef5093ff1184d5f8482b9dfb2dff67

SHA256
fd915b4a5bbd0c05fc3f5a31eda5c86c1ff40696a451cf08e68ffc9a97fc981e

SHA512
335750cb17a3e4c19a63a8d1a838c9e1fe4a4a6a5e45fad14f2da51a213e8371fcbf5a9dff62daaf251fdd821da29784ec544352f4dd6f2485340e733b912b8d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads