1b49c01642dbf479b3eadd04163094cc0a62cd818c5560eaf4bc99982dfc3323

General

Target

ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
Size

75KB
MD5

ca90846f5fa8e674fe5be998881cd860
SHA1

4d685e9556be76d07af244e321540de1163bc309
SHA256

1b49c01642dbf479b3eadd04163094cc0a62cd818c5560eaf4bc99982dfc3323
SHA512

5af2428adde2a9b29f4fda7069651cb8c184c43bb7716c63bde7e8cfec0f362868e729798d3b7397fca95fd29447fc117ecba4692df7b9ffdecc733b643fb15c
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhc:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsl

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (837) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\charsets.jar.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hong_Kong.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ndjamena.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santiago.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2808

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
76KB

MD5
0298e19b654084eda1dc9423e8cc9c43

SHA1
0691d9b1d1691738477bf3a659ceac247f08ec11

SHA256
dd4b08769664e237ba04e33277fb8af1a4e1fe12a88a356582852da8c5d739da

SHA512
0bb9df9fc7624596135933a9f2ee2aa7a42e0af6446b2e78c3f279740f94bef49826e3ef393087da46143c6ee13acc46b5290080bba42a674e0ba7c8d898c4c5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
85KB

MD5
e6f8529b7951ac4e46e62bf5b4d32d57

SHA1
9e10464fc882ebb368d7428e178d9276475e1a38

SHA256
53b767ef3233940a78af548419115649cf805ed411ae9a5743f91e8f3f59d268

SHA512
69fb17945772b21e68466a3080444a898c3d282afcd145fcce160aa238aec7e62e834f19e42344e4e822d98470cd48ddb62bc6acdb84ee4c28c6f0b9943b4622

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads