6aa8b852ed12213a9c7107591f3a108e0553681ea3c5b3646c593b5776206da9

General

Target

56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
Size

70KB
MD5

56a313e564f26b28827246b42f36b190
SHA1

77873aabfad8b481aeb8a90605a23605b32efff2
SHA256

6aa8b852ed12213a9c7107591f3a108e0553681ea3c5b3646c593b5776206da9
SHA512

2baa74a5a156203bec3cd0fae380d2d4f5f0ab0c0c0421cb5b399002ded7612a7e0f632fb9ca525653af6b1ec0e0e1d6948e2131505c401ad40b20f610f786a9
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJX66Fl5CN:W7ZDpApYbWjIlE77ufL2e+e16al5CN

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3434) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-execution.jar.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\glib-lite.dll.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Genko_1.jtp.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm_cmd.xml.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\en-US\NBMapTIP.dll.mui.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.pb_2.3.5.v201404071733.jar.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_ja.jar.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-actions.jar.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\3.png.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh87.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_48.jpg.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\RSSFeeds.html.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\RSSFeeds.css.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240389.profile.gz.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_disabled.png.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MsMpLics.dll.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPDMC.exe.mui.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-api-caching.jar.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\00_musicbrainz.luac.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.bmp.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.ja_5.5.0.165303.jar.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-loaders.xml.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Goose_Bay.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\currency.html.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\zipfs.jar.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_ja.jar.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsatip_plugin.dll.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\avtransport.xml.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jni.h.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Iqaluit.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Bermuda.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-settings.jar.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Christmas.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\ucrtbase.dll.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\vlc.mo.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\wmpconfig.exe.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnsc_plugin.dll.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPDMCCore.dll.mui.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.jpg.tmp	56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\56a313e564f26b28827246b42f36b190_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
70KB

MD5
cfa7de72d4684ffedd8b66b5b77f9c01

SHA1
dc1652446f997dc9976d78ca227302a67b53a5c7

SHA256
3bfdb8a1509d7704596dbfe92c24e0a67607a3955912ed4670c490949da66e88

SHA512
dcb505328be7af756b293abd06f8264065e799e1ae32b55b9f59f8fa86496db2849a3da8a22875f6741f0e8323f3199ec50bf0a560f4f99d38219817f88a7597

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
79KB

MD5
8099a8e5d8f3bcf9ae53368cd16d2d5b

SHA1
7d6ce56a04a137724ea2fc6ea2355c5c86b20437

SHA256
286a533536b8781d3b63cb58c3e1d5f8157479971473bc27324234db6847d8eb

SHA512
2cf9fbbc64256ef8827585791ef33838e63f40408861d32cfaf4d3008250bd663f229d442511c6bc9418437b34e378a31402fa3b31221a1c9702c97b51e65c4b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads