f283012c795616f30b39f23033160856dd7e7379b6cbcef3d6405bf9e8132208

General

Target

5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
Size

92KB
MD5

5cc787c18dafdbd689b3d1320ffdbcd0
SHA1

fec69fa7d33b5ff77f7a817b53d98edf552bda74
SHA256

f283012c795616f30b39f23033160856dd7e7379b6cbcef3d6405bf9e8132208
SHA512

8d6b9aeb2b899cbddba63fe9053970d33910840256d285680f094b4fc43e06f7b15d48b7fbcbb53bdd3bf68ae5426eec1f1a77a4428118bfbc21a6457cf4e1db
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/6lD3q5qr+twN4R+twN4f:6e7WpMaxeb0CYJ97lEYNR73e+eKZaDam

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3565) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-threaddump.jar.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\MakeAccessible.api.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Design.Resources.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_de.properties.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Glace_Bay.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\ja-JP\TableTextService.dll.mui.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\1.png.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\jamendo.luac.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Empty.png.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\vlc.mo.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPDMCCore.dll.mui.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vevay.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\PDIALOG.exe.mui.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\triangle.png.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\picturePuzzle.html.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Martinique.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_rtp_plugin.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\settings.html.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_up.png.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libxa_plugin.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_left.png.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\clock.js.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt_1.1.1.v20140903-0821.jar.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jp2native.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_chromaprint_plugin.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\en-US\PhotoAcq.dll.mui.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up_BIDI.png.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1796

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp
Filesize
93KB

MD5
87f0f965532901b479b854dafe5d51cd

SHA1
bcf178f169b9542405616d1f2de3dc6660d9e94f

SHA256
409a4272654bbef190598b7447df62e8f95b6da827db33c75f9364cb53f425e9

SHA512
c494b140cca93502fc02467aa9474e6d55127b594e584391baa101faccbec0c3bfec82c937b9156808bcf18902a3578a2b9d437ff4fe100df96cc90606bbc2ca

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
101KB

MD5
1700d24efdc2283b615b9d8d996f52e8

SHA1
1500033c3fc83861f52364375851776e81f0f0ca

SHA256
f64bfac8d3e940999def8a1cde909560ceef2b7a8bcef41e8dd715963707f019

SHA512
69b6cc99017dc30cd97b7bae20cf59d3fa483118d4c32dadbb6b97f3afd74144fbd15170fb1484e5a4837fe6c07ee6dcd9dec51e3bbf795ec83ba4d59722b877

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads