267347978ca73693cae32a9b34cc16247e98aaa5d1a85b844cea28015d5d8536

General

Target

403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
Size

75KB
MD5

403ccae208266342f3205ca8c9920490
SHA1

e11da599ddff0a76f89876d841ba0f7b4617a933
SHA256

267347978ca73693cae32a9b34cc16247e98aaa5d1a85b844cea28015d5d8536
SHA512

a9a1a5c5c21815eaa165084806d08752fd69ea953f2dfd3452f4c37b0d54857b498d55ab8570571ead2f7996c4164ae9480107aa44097785429b211f3661b011
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhl:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsE

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3422) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Phoenix.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core.jar.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chihuahua.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\icon.png.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\settings.html.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\EnableSubmit.tif.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+12.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\jnwdui.dll.mui.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libudp_plugin.dll.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\nssckbi.dll.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_livehttp_plugin.dll.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\fr-FR\MpAsDesc.dll.mui.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\shvlzm.exe.mui.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher_1.3.0.v20140911-0143.jar.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\gadget.xml.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text_3.5.300.v20130515-1451.jar.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\settings.css.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_over.png.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.xml.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-execution.jar.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_ja.jar.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tallinn.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Riga.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guam.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Eirunepe.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\RSSFeeds.html.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\vlc.mo.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmicrodns_plugin.dll.tmp	403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\403ccae208266342f3205ca8c9920490_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1540

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp
Filesize
76KB

MD5
9b8552526977ed5f22ce2d5e9a82e398

SHA1
20ed973d342d9e96fb359af488277dc351eda910

SHA256
8f3df727c8c0831f3df4a3ed9cb7c18e2621126ad42756928378922157b0f4a3

SHA512
bd648589aecf2dcc920e6f7c873a02e830a6fd6d83eb9feeb50beb982237dcdfdfd37bed5db85a268cdccf0a85ea1cf647b4ebe0c60798058d61bcd1e895038a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
85KB

MD5
f194c50e45d4122f6bab564d44793224

SHA1
0c291ab1f07fd3741b8aade3e35f03ace558b52a

SHA256
1aaeb78cb5193da1ba36fb6cdca67f0d3a71da3ac9d2a018877337f5b97e7a8d

SHA512
aa65766ba43d5610777738bf4e80ce2da4540be38254f7ff33f147344c434476358beb7c32553c83ca3bf43fb6beff3896a34e0c6034d3843b312f2e5a90c89b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads