36e3e35a02421d8b861bffb6551ec8fecc9f28035a1e5ff187126006e172bc66

General

Target

2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
Size

80KB
MD5

2e630906059c2cc01e4f8cf28b530d10
SHA1

bd906258bb619112903590309dca84ba8d4b700a
SHA256

36e3e35a02421d8b861bffb6551ec8fecc9f28035a1e5ff187126006e172bc66
SHA512

81a8becd4d5f335550c5906d42da2bf69a6f5db8509b7cdb4b5cebdcbde68213c24e129c27363afdfdf7c0bd31d216778ef40a50862963d4027772a0ec0dafd8
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhs:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsR

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (707) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\sonicsptransform.ax.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belize.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\attach.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\verify.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveAnother.png.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1908

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
81KB

MD5
7ffb24c9ed71f1386df8fd95adb52d93

SHA1
15bebfa943e527b611ae139fa1795efa5f34892a

SHA256
26c7e28b7b93d107a03ad5c1680f9b5264ffcfa731944b84ab78bbec63dff2e6

SHA512
90a353ee6364e7179ce96e37e9e3a53f396e68865da84b3323acb8b9f654bcf5ad8b76404e561bd285ecba8456ad74dca9baa682519ae16e302262a0783fae24

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
89KB

MD5
c088dfe705d37fb117c3cc47c24b23b6

SHA1
8a9238bac010f2fe7b34e8698dbc029f154bb65b

SHA256
a75bb3ec7ded64f3b28a11ba41d434d156762871f36ebeffa394b690bd12caa3

SHA512
9a9ff528b8f29834f6f65987eeececd3d136d46937d11adacce4e46706423f79027161bb835d06bfc34ef83c356dc936b9375f7e35bb2e37694f957e9db98acb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads