810a65bce10ad2031044a0177eac78c1b588b1d3054ac56313201b5807f8f7a9

General

Target

42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
Size

80KB
MD5

42445076ff107343284cdb166aae4ec0
SHA1

8dcd465f0f5de8e5a03a6692b401b8067212f2f3
SHA256

810a65bce10ad2031044a0177eac78c1b588b1d3054ac56313201b5807f8f7a9
SHA512

9edb8b6e5bc92f1b85021debaeb92b0b9992660558a7640cf800801090156f0eb0bbe217b82dfd836c8df469fad44c4eaeabc84e21226392e8a61f3cc50210aa
SSDEEP

192:tACUADIY0Br5xjL/FAgAQmP1oynLb22v29HWvHWY7GG7Gl+1coHj5f41coHj5fYf:GBt7Br5xjL9AgA71FbhvoBlCJAJYii

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3511) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chihuahua.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\ChkrRes.dll.mui.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Resources.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup.xml.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup.jar.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\vlc-48.png.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayenne.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\DumontDUrville.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.services_1.2.1.v20140808-1251.jar.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmlaunch.exe.mui.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\service.js.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent_partly-cloudy.png.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\ReachFramework.resources.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kosrae.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belize.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Norfolk.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-threaddump.xml.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationCore.resources.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.css.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_f6f6f6_1x400.png.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libremap_plugin.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\currency.js.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.xml.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_ja.jar.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-common.xml.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\gadget.xml.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\HideRepair.rmi.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fiji.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-execution.jar.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-api-visual.xml_hidden.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.png.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\settings.js.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pontianak.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.metadataprovider.exsd.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\picturePuzzle.css.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.SF.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Miquelon.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\fr-FR\PDIALOG.exe.mui.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jfr\default.jfc.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dts_plugin.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
81KB

MD5
3804e55071a6bd110bbf5f7380f285fd

SHA1
d535bae7420a57a772429b35421f52d7407bd777

SHA256
81e13221b1a640fef8c56145aceb7976cc037a641b40f4cdaa0fad3926400548

SHA512
580fee8d822c5a88b07023ea7ac4fb400c0bb0a2eb186b6e67ffbb99fd2d31063cca1e6a52044a8e339f57a1bd6fab00219714cc5bdb30bb1b00a9a98132f33d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
89KB

MD5
f331f5f18e6bfe6b8600cbb8d405af5b

SHA1
0c9f210ad235fbad85605bf40391b99bcd4ffa41

SHA256
e4e9619e8780adad93777d5252633eb3075f03c35504766b95dccee0a46d9ef4

SHA512
291641468a80dd21c3dc08a261dd597a941b1d7e391c0bf353f53bab17832dd35401d76d0a50a4f27198e6d0475f6554411aafba6e341bd6dcb5c7163188d9ee

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads