e8478ad2a93b9947c48e2c2a9dfb5c2f2defa862f4094f1891207f1bde1f7e02

General

Target

41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
Size

73KB
MD5

41c29b72b0b4a9ea974858e070a030f0
SHA1

37030cba3abafdf9f5b9137791bdbb0b9aa5f62b
SHA256

e8478ad2a93b9947c48e2c2a9dfb5c2f2defa862f4094f1891207f1bde1f7e02
SHA512

61856e9b225d50359101810870f10d88593e381807352d41ca7d4c0ec537b1a8de5ec3208c1c9382f51ae1d595072a54f13e497ce6de4486898d1b9474365f66
SSDEEP

768:W7Blp9pARFbhQSox/6Sox/ME4JAIAepE4JAIAeuDlmlQPc3f6Pc3f5TGotuMOiJ1:W7Z9pApQESOHepOHe8G+6E65TGA3vd

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1093) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\7-Zip\descript.ion.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\BackupRequest.xhtml.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guatemala.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ieproxy.dll.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\hprof.dll.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Indianapolis.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yakutsk.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\t2k.dll.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Karachi.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\London.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\F12.dll.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr.tmp	41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\41c29b72b0b4a9ea974858e070a030f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2612

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
73KB

MD5
78e0a5e83ab84c4ce801ec64b053d088

SHA1
7f626489faacc31f91311473547429b7f0f519dd

SHA256
069d5e63ee90218377ab888bb7984bbd7898a1cfdbb659166e3a444ce4fdf692

SHA512
b9c78c8a5038a94633c0166a1f7489261d738eebd7506420124ce54a40856b1356149b74943bc9deab13a52d89a38cb83ed5de2a214ca4748688b41b1a9c2772

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
82KB

MD5
105f5569d48f128f9cceda76d4fe4318

SHA1
76a5c9c6273b0fbb65d0cef9509bc12d1f2d9fe9

SHA256
658c6d595fe76490259327f88953e1fb104d5f10e962fd6897b086a7fcc7a5dd

SHA512
5ba0dcd23c205070442bca559aadaa8d30a58853eb01dd477834149f9f0012ab1227669add8fd489f06eda0f6b152b5c2d1af5adf16b10e1fe1998184a7003da

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads