a94a8a072afe64c3a10b86100f648ef8fb194aa42ac64b1d286e19b096b51318

General

Target

7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
Size

124KB
MD5

7f204a22933c3a375f8a0978b36b5600
SHA1

8776e55dacee17cf0b0ce4405557c0fa3a9ef94f
SHA256

a94a8a072afe64c3a10b86100f648ef8fb194aa42ac64b1d286e19b096b51318
SHA512

911a7dc3191b1028485e4c6e55e2bdb1466c032721897a54e678ae2b38b6c5319cc5c9021ecb011521839163fe8f997fa7fd42c48e65426c4400747596daff14
SSDEEP

1536:W7ZQpApjIZNdNnfFpsJOfFpsJ+n1k1jWk1j1:6QWpkzlfFpsJOfFpsJ+n6jh

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (524) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsTap.dll.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\t2k.dll.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\DirectDB.dll.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7f204a22933c3a375f8a0978b36b5600_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2896

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
125KB

MD5
56cd04a3dd8ac83daa423931db6e5772

SHA1
b12b8cb7900f356ebbdc52dd9708139dd913e44f

SHA256
56aa133b067a81c8696566e2b2d3f3576c1009184104bab5835ff305fb627e6c

SHA512
07a1f292ffccbb16c615ec3ef4f4f10cd1e626060fa787c10605a6099f899bedc0163b6ad3d99af87440e02c1f4d26e56589398479092d8a433f38d85d97e4cf

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
134KB

MD5
ec7f24bb10cbe747f64747c9ec91b652

SHA1
c958e289e8cdf10477cfa8795a103cce6e0236f7

SHA256
e2d9c29bc77b3e610bd3e764ae7b2db4bb13445378cfa34d26b081efacaed7f4

SHA512
5b683e559dbbf6b9bf5ca6c6c2a599718a73d686771e4f91e8efa873af1c90874db8baee58c1722039ae64f35f71668e3017deff91d8bceb45e015e8babab400

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads