c0d26c4cae574cc0ee50946a651a8140a9fafd1671e1908659daf08200be42f0

General

Target

44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
Size

89KB
MD5

44b33aed751eed717fd1cfdf362ba1b0
SHA1

b1018eed81e7356597312c5eaa7e046c80d758ae
SHA256

c0d26c4cae574cc0ee50946a651a8140a9fafd1671e1908659daf08200be42f0
SHA512

6ccbbd9cfd2849c33a8f2ca4dd91a4210fba4454d868e87799b888b1b038ba22e034648316d1300d831c9c5f1023780ee9301e3be7b283e806bc86cc7fc38cc0
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhd:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsI

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (836) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guatemala.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\sonicsptransform.ax.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Resolute.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2344

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
89KB

MD5
df2e48292fa9e39ff6b7eb6971896277

SHA1
8f1536f7fd3233c6100703c75212f0f0f63c00d0

SHA256
07506e5b01758df1f25bf65f66daa63fecec115880095486c9fd95573a66e626

SHA512
4eee9ec842d2cada9181d2539dd2fdd5f19cf6ff92f6e5b6aec05e9c965d2cba61ba27d25f53c101028b243157513291a43d280fa4063b3ceff628278c161ab4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
98KB

MD5
390de8af8e5cc135816e51459e14273e

SHA1
5e3f72b7b90429a3e624f0ecf162dd83c75812d3

SHA256
fa7dc9451eb89cc2b3585c24f86b1ec84a020e64564d53beda572e4e94f7aa1f

SHA512
8ee7e225359b3b1efe41b7feff77deb93e2c634bb8fb72b62d9727077cc9810c999c7e96d7d399e59233b2a841f5229521a09ec47d9b17b67dff8f0be8b22824

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads