55be583882664e7fc99a582e9af1d385151a28efe628492df125af16b6f884d8

General

Target

813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
Size

82KB
MD5

813ebde304c11ea296a66ea152a562a0
SHA1

93c813a28c80e62aab7b68cafad027e8f00c3a91
SHA256

55be583882664e7fc99a582e9af1d385151a28efe628492df125af16b6f884d8
SHA512

bebee714cb9b5e66da33c63018ebf841efce7c22bae2580a82637ef42f0d52cadbb3cd13513c4a5484a4b053f1b9320df4c777320aa049aff31628aba5e4d179
SSDEEP

192:tACUADIY0Br5xjL/FAgAQmP1oynLb22v29HWvHWY7GG7GljAO9iOghZ3yAO9iOg/:GBt7Br5xjL9AgA71FbhvoBlcQ4NQ4/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (570) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\FormatGrant.php.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\CheckpointInitialize.clr.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\DiagnosticsTap.dll.mui.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\instrument.dll.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\813ebde304c11ea296a66ea152a562a0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1712

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
83KB

MD5
1e8f4118e7cbe3750f68180ddb3e7f8a

SHA1
440a74e54f39093fbdfb0f207ce7bde8d00f852d

SHA256
5d47fb7c13052a2ead59f0e7493ae3bb995d9d9dc6010feb0488967719de25d5

SHA512
e1feccb2d6101da028ae0f44f97cda66b7a072f58c41d31a0c8eb3df4211e312a3745ab6ffbc056ae8a20a777e46ed618c1942fe56194c3a128c9745e7ebae8f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
92KB

MD5
251f3f7a449caa44ca29b2cce4d70d92

SHA1
2440f44477fe142b6f2248b4a20c09092e8e148e

SHA256
7aa7e36905155a57d5f6bf8b45d5ac7a36a4ed5b068defdbdb07dbee51700ef3

SHA512
1dd90137ac3988e393e78536725c965827e5dda850df9a416806a4b96d583f35941520b18074e0734e20f4275cdb87d5b2ec7d0e055e339e39558c34489dc837

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads