f90e8f7a6602fb0bec7de33e32d354ec95a9c5683605bfb13e16106ed57c7fae

General

Target

085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
Size

69KB
MD5

085c0ec95788641513a7aef39cb2d580
SHA1

9a91079c841e9c60e951d134834d03363634d392
SHA256

f90e8f7a6602fb0bec7de33e32d354ec95a9c5683605bfb13e16106ed57c7fae
SHA512

948f81cd2ce559f161b6cfaf42f5583bcfc7939e494b5c6a173d2cb09675be4193ae28370dd9e556c2c304a0b69154db90a33d4a12fdcc69563def82c95725b0
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7txv+qwqC4:6e7WpP9oVLQthbYY9oVLQthbUrt7tcNu

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3682) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev.png.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\gadget.xml.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mouseout.png.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.xml.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy.jar.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\clock.js.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\gadget.xml.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\slideShow.html.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Routing.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\twitch.luac.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tashkent.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-attach.jar.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ja.properties.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_snow.png.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_sun.png.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa37.hyp.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Panama.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-outline.jar.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\clock.html.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mexico_City.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\To_Do_List.jtp.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ho_Chi_Minh.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Davis.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtwolame_plugin.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\currency.html.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up_BIDI.png.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Managua.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\22.png.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\ja-JP\sbdrop.dll.mui.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_ja_4.4.0.v20140623020002.jar.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\alert_obj.png.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_ja.jar.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tijuana.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libfingerprinter_plugin.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\clock.html.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-text.xml.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Net.Resources.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_ja_4.4.0.v20140623020002.jar.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libt140_plugin.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\init.js.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\9.png.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous.png.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2108

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp
Filesize
70KB

MD5
57ecce5ba887ba61f10594562245c55f

SHA1
79cfbf17c8c8ee1992040cf22b8cc1255b59080d

SHA256
c6e548f26dcfd0684066d02f38855cf20a6a36b463c8f236b8c73ac0f875895e

SHA512
6ab40dc8163e243734dbed3e75c983ae18186fd09c6c39839702b3bac79140c8c7cc5db812dd8fae4b3ac5296dc9d67719e3f17168fbab2f51721f9f07d5231a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
79KB

MD5
c24ca9f4588807c8523dcc5e9c0e8657

SHA1
30aa9fc761cbf564017ceea28af128cb37e30874

SHA256
d10872dedb795722b66bef01949a4b789e305732d61b7988bc685e914d2aa33d

SHA512
8f7fcced3e7ed71714aee40bf0582faf753f080a2aeed6ff4c99335f32f00f49a014074578a043dedbb596e3239c673e5c934f8780cd20e55ec961e79c3f9fe6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads