dc691adc1145cde00ddb8adf7ed5d31835ff31d1f342bbff7750be9247974680

General

Target

43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
Size

81KB
MD5

43e212260e7554f0280fbae1b44ec6c0
SHA1

2195a1d6c2fd193cc0e4a25872cbd2df794773c5
SHA256

dc691adc1145cde00ddb8adf7ed5d31835ff31d1f342bbff7750be9247974680
SHA512

767492bc2c5733e786b06b6af2d8bcf7f972a610e82cbf114859ee90dee2f6bf9436fe09b39aa6f3eeb87693219f2830477ff81e777b3971011002fe4a50bf51
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/6lDN:6e7WpMaxeb0CYJ97lEYNR73e+eKZaDN

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3432) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\picturePuzzle.html.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\gadget.xml.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hong_Kong.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+7.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\ja-JP\PurblePlace.exe.mui.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\gadget.xml.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Client.resources.dll.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\css\cpu.css.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\fr-FR\PurblePlace.exe.mui.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\wabmig.exe.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-4.png.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tashkent.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\HST.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_zh_CN.jar.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Windows.Presentation.resources.dll.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawaud_plugin.dll.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\weather.css.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\WMPDMCCore.dll.mui.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\WMPSideShowGadget.exe.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_pressed.png.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-text.xml.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\WMPSideShowGadget.exe.mui.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_over_BIDI.png.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-execution.xml.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\info.png.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_Off.png.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssLogo.gif.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnscfg.exe.mui.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\de-DE\wordpad.exe.mui.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\it-IT\Solitaire.exe.mui.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_On.png.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository_1.1.300.v20131211-1531.jar.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-core.xml.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.png.tmp	43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\43e212260e7554f0280fbae1b44ec6c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
81KB

MD5
8a2a03638a0dd94ddcb0e74175e30659

SHA1
f456b634c87db941c424603be2aeaf074ffe9f07

SHA256
25794c9991e9dbf15d22d871d9ba4ce1aca90bb1c3613781ad60a1dff0d59420

SHA512
3640448dd877f6807d63e9e22aa4eb02e134e4638c5590e4a3d3e9c3ff1df280348bbbe069edefebd8e9c84ba1d117e996605956491edf77bc59922708152971

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
90KB

MD5
cccf3faa3dd9850daeb6576e63d45b69

SHA1
78f3aa9a73af543c9e3540faadf29e4689767b8b

SHA256
f323bf0ae205b10a7fb977fc1e16852fa31a78dec0c26309e9468f938f13d4ff

SHA512
07896e0d3738c0578c530adb682c9a55fd741630ddd264c84bb7e075f931722c73fd9597d577cf5b633e8b0005b1b17f7ea7cbf529dc7fdef798c42e6e542e5b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads