8291645f3bd52038589f42036fe6a55fcc2d0f801d6bd1f2fb34b8fa00fe5fdf

General

Target

542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
Size

82KB
MD5

542aa68312526a96de56585b397042d0
SHA1

abd8871fa334339107ef5af4f804aae8ac9a25ce
SHA256

8291645f3bd52038589f42036fe6a55fcc2d0f801d6bd1f2fb34b8fa00fe5fdf
SHA512

87f0015b7e186e13677e0e73da179777782fc5b63ea80b6ac393d22b85d91246fa494e7b77e583c3b9714135301e95f6942075dff9ae0af2f786b485a022e4d9
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/6lD3q5q+:6e7WpMaxeb0CYJ97lEYNR73e+eKZaDaf

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3463) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

542aa68312526a96de56585b397042d0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jre7\bin\npt.dll.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Puerto_Rico.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.zh_CN_5.5.0.165303.jar.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.bmp.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.resources.dll.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\To_Do_List.jtp.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\js\calendar.js.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\perfcore.dll.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_zh_CN.jar.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jsound.dll.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_setid_plugin.dll.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Routing.dll.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-views.jar.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmpgv_plugin.dll.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\WMPNSSUI.dll.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-7.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Choibalsan.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\boot.jar.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\locale.ini.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\UndoClose.emz.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\MSPVWCTL.DLL.mui.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_few-showers.png.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\COPYRIGHT.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\index.gif.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_es.properties.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Blanc-Sablon.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_cdg_plugin.dll.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_rest.png.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_rainy.png.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_zh_CN.jar.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Xml.Linq.Resources.dll.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\logo.png.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi.tmp	542aa68312526a96de56585b397042d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\542aa68312526a96de56585b397042d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\542aa68312526a96de56585b397042d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2160

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp
Filesize
82KB

MD5
9ce7b06256afdfda88a26f4258a2e30e

SHA1
326c1b57d93d7413009857f5b21b73c6633e8642

SHA256
622a942fe193c08ccc16a8f92561050e4fd576c027355e58f8d1b7cabba21ee8

SHA512
3e0c5717d989d486b092ecda3ed0fd429dc5930dc6f828ac287c3d63cf14f84c798c8fdb3b7e29207dfa6338820c8854a78d306093acb1fcb5bcf1929fe0e07f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
91KB

MD5
373300a7f03127d15144f59d13ab3c68

SHA1
5b83024b84ea5712fc7079415c62920218a50325

SHA256
5d00a586e3530cef507ee38361c790cde1be26df16ac01c0f70bf9f73b3d2b88

SHA512
239f0206918eb03ccab219926c107fc8855b7a4c8956373c66f66a57299ded2df8e2393cce9dee080f22f6199e4df601087a8e76b5411d6fe0cef6506097c7d1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads