91fa0a17e8c56b3537eb40315f600b512230c49521e94e62e3438be9ad5c50e9

General

Target

5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
Size

81KB
MD5

5215339a990474d98f11368bf0806bc0
SHA1

e8b5e93deade4636bda8643c7b2ae5705a1ff554
SHA256

91fa0a17e8c56b3537eb40315f600b512230c49521e94e62e3438be9ad5c50e9
SHA512

2bee3f73e8e8522ade3d8c6b265a6e41777b17ee860075063ef5f7331604c624168f1872d26b10c6fc3fc536a79f31426958abb9107d631d3c24725306b1afbb
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/aJaKJawHCH6l:6e7WpMaxeb0CYJ97lEYNR73e+eKZk

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3436) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.oracle.jmc.executable.win32.win32.x86_64_5.5.0.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_m.png.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cancun.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\sa-jdi.jar.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-lib-uihandler.xml.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tehran.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MpCmdRun.exe.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_zh_CN.jar.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_record_plugin.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-attach.xml.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.inject_1.0.0.v20091030.jar.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\NBMapTIP.dll.mui.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.bmp.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_120.png.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Goose_Bay.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\New_York.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnssui.dll.mui.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup-impl.xml.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_ja_4.4.0.v20140623020002.jar.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace2.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Accra.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core_0.10.100.v20140424-2042.jar.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ChkrRes.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_zh_CN.jar.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d9_plugin.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\settings.html.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_ja_4.4.0.v20140623020002.jar.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnetwk.exe.mui.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnssui.dll.mui.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Monrovia.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator_3.3.300.v20140518-1928.jar.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-explorer.xml.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Magadan.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationProvider.resources.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\fontmanager.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Creston.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2352

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp
Filesize
82KB

MD5
ae170cd753cb2638a522c6c748b916f1

SHA1
fde40c9ff50cda88bb90aeb122831d6e90ab0599

SHA256
d7327a83e1eb2e9aba87cd88f239a0abeffcafb0e4e45515758c9f954fadf58f

SHA512
2dae4e7f319cb4b7e0742a65978b91fb9416ff5b799993b03bbd592c305e720ca65b463122678cfcc3c45ee766d9d1a48465fe40aeda6c8ba619e8e65c8b6893

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
91KB

MD5
1a71b1fa4b02d36ad74c0bfd517db02c

SHA1
1f9da86fae04692a3c7d54bfdc1b53133304ee98

SHA256
567f6882af57e38e709bccfa9420e136a1a04f01aca7f7d610b176cb83b211ce

SHA512
a4b4cc2ab703e05ab9ee2c959ef5e4f9f857c67dee0178b6cae30c6a4d4d7f4691f7fea0a91bc720628059e7220eff3769038843c85e6b2bb2e11e184c3210c8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads