41b6ae0e914db0253be9094d56206e9db569bcc15077eec638f30ac84eaf6ad0

General

Target

7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
Size

46KB
MD5

7b39892f9d2b3a1f6e8c0369d2a5bff0
SHA1

0d33997e619df3ab79b613da1e1d1c169baae958
SHA256

41b6ae0e914db0253be9094d56206e9db569bcc15077eec638f30ac84eaf6ad0
SHA512

467ab6c757cef5b9957fb3dd692f0573c685b4a47cfd570a4e71fe7bfda88c2c9d3949a937b0a26a7b910985cf0fff9d344b312ffec95cc4f4ec8424406b1e10
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGqMs1MsH:W7ZNLpApCZrt8PWGoPWGg

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3791) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Rangoon.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleHandler.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\xul.dll.sig.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\settings.html.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-javahelp.xml.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sampler.xml.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe Root Certificate.cer.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_display_plugin.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_ja.jar.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\ExitEnter.docx.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Fortaleza.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Client.resources.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libx264_plugin.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\reflow.api.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_nv12_plugin.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Oral.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Net.Resources.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libmmdevice_plugin.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdiracsys_plugin.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\cpu.js.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\fr-FR\WinMail.exe.mui.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmpnetwk.exe.mui.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ACE.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1251.TXT.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\micaut.dll.mui.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFPrevHndlr.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\Tulip.jpg.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)redStateIcon.png.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\WMPSideShowGadget.exe.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\css\cpu.css.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2364

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp
Filesize
46KB

MD5
1ac90bccd6e969f3cb598274bbb9b2a9

SHA1
4da3c46d7cae413e213c0d929cb6d15e407e1f01

SHA256
2ec64baeed6c78d973d2fbe46a09bc32645ad132b108725abb5e9c114be8ec3d

SHA512
ee4ec3df7fd9c0e20bde83ccba1f9219be44581f6bf5d16351bf9157bfb92a1ba9a27b73f4feb741b2a813ee309075d67e39f94681ba87f4ca09a30e5598431e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
55KB

MD5
2c682fa55ea7a1366423536846108c1c

SHA1
f44cec59328cd591063ae944f0ef371c51b50c2e

SHA256
37b72f18f9686dcdd64e0d19afb42ed66530fc68098360f729b497a1e02e2059

SHA512
f63ae6e976713c68ca7e09c44a7eba452850b5ccceddbddfd393fc8d29b184f17561046adb722a8a3b59f49909b67e405dd50756916a70be654c8a26a02a7c80

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads