f8817b717e5abc20bb5df4d694ec10c6f7fecdb434bce2f3e233127658170b5c

General

Target

15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
Size

117KB
MD5

15b72be5a9b7ea4895515660f5c61970
SHA1

84acb849ac8d3c3e37082f38aadfdde2bd5f121b
SHA256

f8817b717e5abc20bb5df4d694ec10c6f7fecdb434bce2f3e233127658170b5c
SHA512

68dc8e3d0bebe30aea84c17692d05c00e84658b506726fa1bddf43deddc12d44bb1d77324491edefe7c0cc92565613f6f515b74c850f72f69acdc1ebf9ab3bed
SSDEEP

3072:6rWpcOPxPke+e3fFpsJOfFpsJbgEIixihyKoIWbsHfySkT5GeCyi348oWGRPOzkA:tFPxPke+eI6

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3441) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Merida.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-services.jar.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\jamendo.luac.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Brunei.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\vlc.mo.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\fr-FR\jnwmon.dll.mui.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_ja_4.4.0.v20140623020002.jar.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-utilities.jar.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ieproxy.dll.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.inject_1.0.0.v20091030.jar.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\js\calendar.js.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\it-IT\MSPVWCTL.DLL.mui.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Gradient.png.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_pressed.png.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.xml.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-string-l1-1-0.dll.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Design.resources.dll.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\telnet.luac.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_bridge_plugin.dll.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libuleaddvaudio_plugin.dll.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\service.js.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\settings.js.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Christmas.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfps_plugin.dll.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\dt_shmem.dll.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Irkutsk.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_cdg_plugin.dll.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPDMC.exe.mui.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Pyongyang.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\vocaroo.luac.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\gadget.xml.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\gadget.xml.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Eurosti.TTF.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.tmp	15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\15b72be5a9b7ea4895515660f5c61970_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

Filesize
117KB

MD5
9d8d8b239ca7f6dfa2401d7d1e95d303

SHA1
bdd0fde5eb84a88a5d93b0f8142dcafe757b8b8e

SHA256
26aefdd7672bd4a633d8b8bc248669b64ed74810f4a1cf930eeda77efe629db3

SHA512
d53f1f2e2673af48856f6b36e71bcdc11316b2f96d91cd4a4465d6025887493932d17c561b0ab6c4277220ae30144d4fd33604f5f2cce6c25d4829a129aec1d8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
126KB

MD5
6de967a7cf1a74d6601e5c8c599522e0

SHA1
abf9853a7a10118d9143093db6966fe9270cf5f4

SHA256
6ddaacc7775c4d14be6b804efc4f513a75916a03ddf121f4cf32402d4cd49b31

SHA512
092e552ca3f5086849ce5f21689db7e5a1719b2d158ab86162add05bb4a28fc0bb48519131ed8a5a83ac2d443161f492d5e0c14d033796343a99f98472e19734

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads