3ab10bbb2cbecbf6d0a158a7d2b5036fd88d8399c116ecad0ccffb22bc84af4b

General

Target

f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
Size

46KB
MD5

f44d7a7cb5b852e1f9253d94dddee1d0
SHA1

b875dd4a1540426f532580106cc7fda0a413acec
SHA256

3ab10bbb2cbecbf6d0a158a7d2b5036fd88d8399c116ecad0ccffb22bc84af4b
SHA512

cd7689e7398fbaa3a3ee2520b5eae444dc51d4c901c0fecfd1ecb932c7eb02f188a15adef5261d59c06da0d3a9b288a79eb0f66fb7a8947dfc867ce7542a7cd9
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGHqAlJpxIqAlJpxqYJIJDYJIJW:W7ZNLpApCZrt8PWGoPWGSe+e0

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (971) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pontianak.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Resolute.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Samara.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\pdm.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Monaco.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+12.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\meta-index.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2312

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
46KB

MD5
1b6de58ffdeabf0a4aceb8bc8a210689

SHA1
18bc53bcf8cca35cc7b69c975ae87174b2b55f35

SHA256
e73a21411681bd73cf90390fa3bdab9acb3ae9274b77d07915e2c48a1f8d4a74

SHA512
ba63fb12293470b95273cc4677b3b989673fc939e6cb9a4e471f545a9c619ef7e0fcf7254b9cb83a8203a3d0957908e6dc74c22f7f068ab9a50e78a62e9b4071

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
55KB

MD5
6a47ec6b02cf480cbed660342e947706

SHA1
cfbaee7f0079063e3f4e0b0b04d204e7537416c0

SHA256
7e2c92566cd1049f46c17359c6942282eefeac74e2c32d24dc2a190a01fc33fc

SHA512
b7d9c85e87d8fb3acd13032486915550138d65bb4e0188ddd0cff21794d2538afbcd06b3925c52a8d2836de6e222dad7f3384f0f7b78a42186383f0ffd5cdc39

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads