2b1cd29f806cd28b97a2f2aa3221b940aa02f6babd59b1d9fa4b89a6e721c4f3

General

Target

35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
Size

71KB
MD5

35c90f76028efe12d0c46adc48251b70
SHA1

4cd1f81e52819c5be9dd960f51cf352a6cc8989d
SHA256

2b1cd29f806cd28b97a2f2aa3221b940aa02f6babd59b1d9fa4b89a6e721c4f3
SHA512

69ed66b1dc6a29b15dec02610b0407ccd15b7aa259f679b2c3834e035ec8f4de7b0af2ede2e01053fdcf025632c70a18d40483e02697a46c03a7a2ea2eeb20af
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E6DGsTdc6e6kvNDck7Tdc6e6kvNDckkvVv/UPJ0PJ0+:69WpQEoTdc6e6kvNDck7Tdc6e6kvNDcr

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3687) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jre7\lib\zi\America\Menominee.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_es_plugin.dll.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerEvaluators.exsd.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jfr\profile.jfc.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\css\currency.css.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\es-ES\Chess.exe.mui.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\it-IT\MpEvMsg.dll.mui.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.SYX.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Full.png.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\highDpiImageSwap.js.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeUpdater.dll.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Routing.dll.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\skins\fonts\FreeSans.ttf.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-api.jar.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\stop_collection_data.gif.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\instrument.dll.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser_5.5.0.165303.jar.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Creston.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\lgpllibs.dll.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MsMpRes.dll.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFSigQFormalRep.pdf.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\vdk150.dll.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\gadget.xml.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\css\picturePuzzle.css.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\grayStateIcon.png.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_flat_10_000000_40x100.png.tmp	35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\35c90f76028efe12d0c46adc48251b70_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1640

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp
Filesize
71KB

MD5
0979574fff7b7357b4c3d1c1a28a8436

SHA1
be55d2c2adfedc4eb29307d6bbc6e10be6302a67

SHA256
911ca634c258c7e2aa391579b32976250d0bbfe9c72920eec8902b174e2566dc

SHA512
8b42dee424275abe87bd665302e8c9c6bdba49d7f3562da4b46aa4496dfbc8dbf2fc43f35444b38143ddaa4b412987ee72a073a64abe94a29863f347e4a9056f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
80KB

MD5
e2292ce070c219d28e6e0539e6233297

SHA1
d949a8428ad7ad944bdc02f2e14816c3ab700414

SHA256
7be044e7409452c0d3a6a10b63b535e51dc28f478c28ef22efd5604403b735ff

SHA512
e6636c63cc1c7db3cd80540af26524321680578caedcda2af30d8637a6111b5c72e7be7b36b56eac88a424eb7023048e06db562357451a70af8a5ab3e09a8c0e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads