3c88b52eccccfbb5ada039afa6f74a2350053ceef5db9852e99b38c03f3d58ef

General

Target

3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
Size

83KB
MD5

3981090169b63eb42cc83c04b179cf90
SHA1

4920c4f2c00befc2d5cd75aecc04339a36904df7
SHA256

3c88b52eccccfbb5ada039afa6f74a2350053ceef5db9852e99b38c03f3d58ef
SHA512

a5a7e06d53140ca8a40f5635c1672ada9bbe350e524157e46aff7adb0deef4f57b284655dd5840f2c3f39c638237989acf8f441770f324637436dd4550ead304
SSDEEP

1536:W7ZDpApYbWjnWf05PG0PG26f0J0aT75T7J:6DWpDWYPxPMCj

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3511) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cancun.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\MediaReceiverRegistrar.xml.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\de-DE\sbdrop.dll.mui.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_settings.png.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-crescent.png.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro_5.5.0.165303.jar.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kamchatka.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\en-US\Minesweeper.exe.mui.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\chkrzm.exe.mui.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmlaunch.exe.mui.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\calendar.html.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Paris.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\vlc.mo.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\vlc.mo.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\mpvis.dll.mui.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\drag.png.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Madeira.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\RemoveDismount.cfg.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\settings.js.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\ExpandExport.mp2v.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationBuildTasks.resources.dll.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.command_0.10.0.v201209301215.jar.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfreeze_plugin.dll.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl-hot.png.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\UnregisterBlock.3gpp.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\logo.png.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Esl\AiodLite.dll.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Easter.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_m.png.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\wordpad.exe.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\de-DE\ImagingDevices.exe.mui.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_right.png.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\icon.png.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-tools.xml.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_pitch_plugin.dll.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Shorthand.jtp.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern.png.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp	3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3981090169b63eb42cc83c04b179cf90_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2976

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
Filesize
84KB

MD5
b8563610d58e81e77d9da103985e447e

SHA1
0eb0ec5840d6dcab6adb4619c504a38b472e3f3f

SHA256
82f2e1b6d971c377fe19a1fc768f81f69babd4a8db56dc5b2d5b7d87d4c10073

SHA512
88bce88583e458a2964adad3fb178587a2c41a26f1813a0e4b57cc16deac99ffd202932c8a7550b8017acff7accaa204087936fd7ef6656caa30eb6656d373c1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
93KB

MD5
39da93ecd4cf1c10e669edb9693ffe2c

SHA1
88883ee1ffa895aff4d449c19d74c48e6fbc83b4

SHA256
8028db6569fb256f6e8d157d3b547a06f08a3ea0de83fde4331c422a17f8d150

SHA512
e2cac5ba3e48c3f5f801eb72bb3a5b8d2040e1c3ee524ce26a6992a161f0659c6beda9d484092ebb72867e2a1f51c5afc6814fb5ee5904dd7b0f929977f2e7cb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads