471655d4c1b7207fb1219ec3cb1c187178aa6626d8ae15a4781dbee03b337f78

General

Target

07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
Size

138KB
MD5

07b92c1fabc9edbdceb550dd4fb30e90
SHA1

fe2918bbe2f7f08432dd45d60bfce574148136c3
SHA256

471655d4c1b7207fb1219ec3cb1c187178aa6626d8ae15a4781dbee03b337f78
SHA512

aabfa91fb0f55e2e4bd75c9e47af151f2dc106e75561dc4714f7b69801de6b0cc9c47ae579407f6aabdb7f4bf62d67253de404937bb893dc8db0cd95de5cf5f2
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXBvjfMfvjfMMfQsblBOs:/7ZQpApUsKiXBvzwvzXJvlwJvlC

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3434) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jfxmedia.dll.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\More Games\it-IT\MoreGames.dll.mui.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\00_musicbrainz.luac.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtextst_plugin.dll.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-settings.jar.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\custom.lua.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-queries.jar.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Darwin.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Oral.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multiview.xml.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\fr-FR\Solitaire.exe.mui.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\http.luac.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Auckland.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_zh_4.4.0.v20140623020002.jar.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Selectors.Resources.dll.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.properties.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvobsub_plugin.dll.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-core-kit.jar.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Moncton.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zaporozhye.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\PST8PDT.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\ChkrRes.dll.mui.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liboggspots_plugin.dll.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libtta_plugin.dll.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css.tmp	07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\07b92c1fabc9edbdceb550dd4fb30e90_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
138KB

MD5
1edf5fd5ac4f6a459eea68eb5b3516c3

SHA1
bf7750226571b34b3c06d289b58a90e8fe59e420

SHA256
d0814cc5e51f920c679b942d34b8e8f71446d317c284e457a7f5e4b0657a76dd

SHA512
9df5d434c84d3c13cb4966cb0988bce710d0febbe2b92b28786a671f51a7d1cb17711d5ea3046c0c859d2b0baa92364fcd8eff8aa55607076e14bc24b79ade02

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
147KB

MD5
a211d3f1032a63842360d426ecb33dbc

SHA1
d31776a1b0f5d0f6da4d630225dfb1418f145f25

SHA256
f5255d40df22c7d76016ef98b20d0a68056572e39c7a384c4b97a3e700224a15

SHA512
7acd0539ea1920fbe1c2714c3b2f3cf92ec25bd62f77e2ebd9487e84a4839f0f42d35e8e1b2b1f268827725634814efd4a79f61539a571fe5caa676ce7d82093

Download Submit
memory/2184-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2184-640-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads