52835f94c396e56f0defb473b8a692416a056b70ff5fbcd73233ba69a945b274

General

Target

448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
Size

83KB
MD5

448ad0acfc00921f130a572d04c25870
SHA1

7fca02070185bd455af28e0eb898a7b2458bab8c
SHA256

52835f94c396e56f0defb473b8a692416a056b70ff5fbcd73233ba69a945b274
SHA512

a65e5bc80144f14a0e0268e5ad9be264301d3415af616a713696d96cb556b3f46ca323b8f867b951601cfca86a1581876be57f335bb981032b80b2e2103ea948
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKZJHJ/v4rH:69WpQE0zd

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3467) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_zh_CN.jar.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\Mso Example Setup File A.txt.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\meta-index.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_few-showers.png.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File B.txt.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\MET.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\settings.css.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark.css.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_ja.jar.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\WMPNSSUI.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-middle.png.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santa_Isabel.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_mosaic_bridge_plugin.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\icon.png.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\slideShow.html.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Paris.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\ResetReceive.png.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_zh_4.4.0.v20140623020002.jar.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-spi-quicksearch.jar.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_up.png.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_zh_CN.jar.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\awt.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\rmid.exe.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-heap-l1-1-0.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\twitch.luac.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmlaunch.exe.mui.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPDMCCore.dll.mui.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\drag.png.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sw\LC_MESSAGES\vlc.mo.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\cpu.css.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_snow.png.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.lnk.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\chkrzm.exe.mui.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_settings.png.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\pdm.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
83KB

MD5
9ef794690bc1eadccea0f3305148f8ef

SHA1
153caa9683d6dd19ada8d2f7f2c8788edcc22314

SHA256
59cb68a3a4bfd680dd5778ff672b1f4b611e6f55d626de0ea780e295581d7fb1

SHA512
e2b773a96d9a818d66ae90a536102f10b7fc77a230847e0c834742a1b953025e2478abbab11350a74c06ad68406caa8c398452136ae3d8f87544d377ec6f4316

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
92KB

MD5
ec5f1d3e37914e6f83272865d30f1c6d

SHA1
4dbdf969640dc2087d155902c9dc6c907e1ee643

SHA256
ee5d1d7d437d8711347e8a7b615a6d8abb29f5957279fc18e81250cefd43d731

SHA512
654825a1b1358cb7243ba1a964bda2918c8370316b4082ca6eff14daa91b424db45eedf8f3f673a5baff666d523b6ce2dfa822c8e7db61c2087eca2baf50456c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads