efa7f935b7d91f8f707d481f867a59db6846d72c6b73ce323e6eeb8f3e98e51f

General

Target

3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
Size

91KB
MD5

3b0fbd5f1d8d760548bb50efa5d6d8a0
SHA1

23992c2c4b26c0df99455b947ae329f7fd855225
SHA256

efa7f935b7d91f8f707d481f867a59db6846d72c6b73ce323e6eeb8f3e98e51f
SHA512

7e6e194e8ca01692fbe771b957090ba197674cb67d37421ee1eaa4844c28a5bb65678d291974af2c9c6ddbc2bbd72fb236a925ba9086fdb815c63b6c1ecc44e6
SSDEEP

1536:W7ZDpApYbWjnWf05PG0PG26IvxvWyCUyCJJTfJTO:6DWpDWYPxPTJe4k

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3429) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.dll.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\lgpllibs.dll.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\flyoutBack.png.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Darwin.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-core-kit.jar.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Design.Resources.dll.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\jamendo.luac.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\drag.png.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_pressed.png.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.common_5.5.0.165303.jar.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseover.png.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\fr-FR\JNTFiltr.dll.mui.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_h.png.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jawt.lib.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_window.html.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libhttp_plugin.dll.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\fr-FR\MpEvMsg.dll.mui.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\updater.ini.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\css\settings.css.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\localizedStrings.js.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Malta.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\NBMapTIP.dll.mui.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\js\calendar.js.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\management\snmp.acl.template.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\settings.html.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_disabled.png.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.ssl_1.0.0.v20140827-1444.jar.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d9_plugin.dll.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_zh_4.4.0.v20140623020002.jar.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar.tmp	3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3b0fbd5f1d8d760548bb50efa5d6d8a0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2976

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp
Filesize
91KB

MD5
30f1edbeb7d5fe5a97b515eab966e9e7

SHA1
038ab00135163148c4df1855bb2bf53bcb4af742

SHA256
83ffb64e7e029e1555548e36adbcf9bbd7a6b965e2d77b51e6a9720096acd45c

SHA512
df268cd20fe8a3a20190e434864f5d408c554562a075fd4f197f733ff847268e68da69c4fd420254982c22cb07b0a2836af993a9229dba8caaf92e0599481efa

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
100KB

MD5
040345ed81c83b0a8422e5fd1a048763

SHA1
01fd62c840f34667053e634c0183d4478112ec9c

SHA256
3ab611efd28adfb4faaf25294aa22fccc0287756e28916adcaee6f436449bea0

SHA512
9f1e18d3533ddbc15c20a0d1e384636d5b945a7d859c51fc14b6b53aac594477545a36b74a20e5f9ffd5abd7c3460e6546e16c8176157aae25a1c12a799e6297

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads