a5faaa2e0addc2c5d0f83e7347946a07c1f62f29322333eb03eac476df31b089

General

Target

1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
Size

89KB
MD5

1376ac98b4e42818edd380d19d00abe0
SHA1

5eaac5ac1db70f7e31bfa928c015c70be859e48b
SHA256

a5faaa2e0addc2c5d0f83e7347946a07c1f62f29322333eb03eac476df31b089
SHA512

13209a9e0cff6f7a0f0f774fb09433fd93b1083ba513649c86b8052d2f7158bf51727b8498cd5ad3db6809ac931b538f6d291a6010e42acb1d8b1484aa7659c8
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/7uH9uHpvGRvG3:6e7WpMaxeb0CYJ97lEYNR73e+eKZ7udi

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3503) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\settings.html.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\verify.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs-nio2.xml.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libsubtitle_plugin.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner.png.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\rmiregistry.exe.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\drag.png.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tallinn.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\settings.html.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_snow.png.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\css\localizedSettings.css.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\jsdbgui.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sa.xml.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jsound.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Vladivostok.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vienna.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\Welcome.html.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libscte18_plugin.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-nodes.jar.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_zh_CN.jar.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\InkSeg.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\PhotoAcq.dll.mui.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\flyout.css.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-settings.xml.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hovd.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)alertIcon.png.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIB.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Riga.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPDMC.exe.mui.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\gadget.xml.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\speaker-32.png.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\libfile_logger_plugin.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\ja-JP\Solitaire.exe.mui.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpsychedelic_plugin.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\picturePuzzle.html.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter.png.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.ja_5.5.0.165303.jar.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-applemenu.xml.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Madrid.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.png.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_left.png.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-cli.jar.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-queries.xml.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
89KB

MD5
4cfd289631f20e6d26858ab28356c86d

SHA1
e247fe624e881f85ffdda527e21996620f584dc0

SHA256
0c5917e026922274f4e00e35858cee297df5c9622bb3bcbd9f0b50e393b3f4bf

SHA512
14fa8de40fd2001595ac9b53fc6b7136d0c8b0f871fc018d6e2b42c0ff900c5764bf69d27ea2d4a5c926b85726e2b86e74205ec1f2ff63531101fa1878a3ed53

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
98KB

MD5
1f2d25d2feb1654a751a5ae32668b3e1

SHA1
091689099aa33aad69558ffb5844f99436b1d674

SHA256
c38ca57c9b1eb2a68f3fd590deb6ec2cfd3dc67b913ae8a9409f758d561510a9

SHA512
e457518f885cbc740cd01b9f9dd27b18c25240b00bca8d0773d6b98ba1b36c21340a929afce70a88379c1b2e867f87efc40c6bc4536095ea3a5b91716c438c95

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads