783f35eeede9729c86d40f0781f53c2dce816aa62b68b38eb515d0ffe2286fa3

General

Target

55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
Size

120KB
MD5

55e800e982bcdf632c14bbc52acc7580
SHA1

5d146df343c53a9edfef929d7b69ec225ff766f5
SHA256

783f35eeede9729c86d40f0781f53c2dce816aa62b68b38eb515d0ffe2286fa3
SHA512

f70fb11525745cd0ab2e19fed3cad9dadc6e1c1bd11b4c84ab8e69266377b7bc3e02559e0009b9144520283d3797998afa48ef33338adb45853c0df3e6572d4d
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVzB:RqlIyFESWu0SWuGSV

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3429) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Panama.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base_4.0.200.v20141007-2301.jar.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Reunion.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.core_2.3.5.v201308161310.jar.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-coredump.xml.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libmosaic_plugin.dll.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpostproc_plugin.dll.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.png.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-attach.xml.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\IA2Marshal.dll.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmpg123_plugin.dll.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Iqaluit.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.lnk.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\dcpr.dll.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Adak.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-queries.xml.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Resources.dll.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\vlc.mo.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_record_plugin.dll.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_es.properties.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Athens.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.properties.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-api-visual.xml_hidden.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\calendars.properties.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\xul.dll.sig.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Broken_Hill.tmp	55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\55e800e982bcdf632c14bbc52acc7580_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:944

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp
Filesize
120KB

MD5
a7e20f8934a6fb2f8341579de0a37f57

SHA1
e18922160162a999a6b8949cbe5e550ff38d4317

SHA256
b25b7df9b087424ea839ece88ce4a8cd52b4be5c43c2d93f61714f6db3dfe97a

SHA512
bc2d37fd2b17fd7f4820a3b533507715d59eec411d6431ebec55e1249f0b26da0c40b9c0fbb0510efbe134d3af5cb2a3b46415847ca38669b97ce6347ddc4888

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
129KB

MD5
2b067141d7abaf2eaf27e828c445634d

SHA1
76479ccef0ff5c7304a6f2dd5543ae1fe73965db

SHA256
6e305302e6a8ba549576bf73bcb9608bea6dde3db744d4993a96b2b09dcc7af3

SHA512
bcf3cddadbc780a7925e868857d8005a64573c3dafb39f02fe0ddbdd954be4db77caadba664eb8a1e77f08a09750fc084b20ed86c5aed7fec55cf4a6ef7bd180

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads