e3e17a48639636d2a4da33c8a5a1fabaf3676fabeb73d1fcb1f17ac5a968a800

General

Target

5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
Size

95KB
MD5

5ade483c43fb6fdd463ade290e75b660
SHA1

328c01d110dc5517451ad6384d515772329b1937
SHA256

e3e17a48639636d2a4da33c8a5a1fabaf3676fabeb73d1fcb1f17ac5a968a800
SHA512

2311ba90b98866b3b5980c54d38dcbad99bbf50a6e7022c818ded16eb70ea688821645f628e9227f95b1b152d39b6656b3b0e257aab19670aef49aa99a40b7cb
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNe0A0a:6rWpcOPxPke+e3fFpsJOfFpsJbgEU0Al

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3427) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwingdi_plugin.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler.xml.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Chagos.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_dot.png.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\access-bridge-64.jar.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.filesystem_1.4.100.v20140514-1614.jar.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_ja.jar.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libxa_plugin.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Noumea.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\net.properties.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Campo_Grande.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.expressions_3.4.600.v20140128-0851.jar.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_zh_CN.jar.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiler.xml.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\en-US\sbdrop.dll.mui.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-uisupport.xml.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-private-l1-1-0.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\msvcp140.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\AUTHZAX.DLL.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Management.Instrumentation.Resources.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_config_window.html.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\it-IT\WinMail.exe.mui.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_preferencestyle.css.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\JavaAccessBridge-64.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\JAWTAccessBridge-64.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\ipcclientcerts.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\wmpconfig.exe.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\README.html.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-4.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.RSA.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_ja.jar.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\plugin.jar.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaribsub_plugin.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_left.png.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1976

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp
Filesize
95KB

MD5
e6f28b8ff54a8a9f980ed3d6795cf5f7

SHA1
9d0e48f4af3694775cf834c31895db18d6c4d70b

SHA256
ddf6a9506e642f69e61096007906f57aa04488b23f132d29ab4344586a008c59

SHA512
0ddef90d1b01d50c03cf48b549cdea459be04238ed9333aa601756e121e924156404ba275a1ee44dcdcc389d47de1366f82caad6cf2076276431087deccf1790

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
104KB

MD5
a9564134829d7f0f8e519bd11f091fff

SHA1
a8298a8ab6385a5fcd6b4f4e4994a55ba6175f22

SHA256
6e95261708fce3a94cde3340d6466891c6d834dcbcdd4b837cdde3d5550f94fa

SHA512
f7b5110b3821f72c095807396f80376d88d7845589ce4143781341658773f9de10dfd70bc4d43bb18a4a4ec1391610ac258418d65fb63ca25f1297a1db72e57c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads