cc41dcc0ae6181fbc8d8377e0a6457ba586e9cbb6f390fc7364e0beecd7ff8c4

General

Target

47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
Size

72KB
MD5

47261f52a7b70f81326f5d247403d4c0
SHA1

07647939d755c24562ce2a1ae4d533fb6de647af
SHA256

cc41dcc0ae6181fbc8d8377e0a6457ba586e9cbb6f390fc7364e0beecd7ff8c4
SHA512

8b22728fee24075c70ab1763cb0daafdd6e23d0452928a755257636511f205e0a151f590d149d85f40fd32fa1475a7481b812bb05e382fb8099cbc13b8f7efa2
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E6DGsTdc6e6kvNDck7Tdc6e6kvNDckkvVv/UmwB:69WpQEoTdc6e6kvNDck7Tdc6e6kvNDcw

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3641) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiling.xml.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jsdt.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Scoresbysund.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\gadget.xml.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\12.png.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Costa_Rica.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mahe.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Journal.exe.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\prism-d3d.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\classlist.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\calendar.html.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\js\cpu.js.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\settings.css.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\chkrzm.exe.mui.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.RunTime.Serialization.Resources.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Eucla.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.zh_CN_5.5.0.165303.jar.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\WatchLimit.cab.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libx265_plugin.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-modules-profiler_visualvm.jar.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\settings.css.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-actions.jar.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\vlc.mo.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\keystore\libmemory_keystore_plugin.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\css\slideShow.css.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_zh_4.4.0.v20140623020002.jar.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\orb.idl.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Paris.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdav1d_plugin.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcrystalhd_plugin.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hong_Kong.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-fallback.jar.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgzm.exe.mui.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Speech.resources.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_chromaprint_plugin.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\21.png.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-2.png.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2408

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
Filesize
72KB

MD5
3fbc58c4bb950d9050d5c8067ed8bf3e

SHA1
6507a8858f69ea7a1efed5f27f63195bfdd774ad

SHA256
fb9241e26d5521d668f53472e05769791440a4ac7f962e3cd80145f7721f23f8

SHA512
e04061641ad7b7bfb65e250f00a04979ac597f109123b1336370a5283fb7a55e460f80f754a496895842b02b468d7c08e6999c93e1b4cb72c8a560b81f7f5c07

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
81KB

MD5
18dad415f31fbf13f6808709eefa499d

SHA1
a192f342ecbf611ab78b57ab0bba677d9b0ea292

SHA256
72153973db7b7e6dc9655e98c282abae63bc2bfc2fdda6c10335e94798b79535

SHA512
4e4baf3b4ac7c6fab3255ef2aaf7f43a4bf3a0aa2e2be033ef2df4f0ee48e9d2ca7ed8e4afc608cd0338e2627eca9ca610dd543bbc342482f5c996b45ddbc49f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads