14c589286a4d0913c0400c5101d115ba580eb238d4bfc67dae17b101977ab12d

General

Target

9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
Size

74KB
MD5

9378df256e769f2b4d3489e516657c60
SHA1

51cf559635a58fcb42af03bf16142b5015a71507
SHA256

14c589286a4d0913c0400c5101d115ba580eb238d4bfc67dae17b101977ab12d
SHA512

6bd36a0bbe1e3112eca17de6a0bae69f7da915820c73d9fae2f53861d41164c0d1c5644563116aa3a9bdca9766a424cafe9cae23bb1f236e690a50c31c13eb4a
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKZJHJ9:69WpQE0zq

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3539) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_over.png.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\LICENSE.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_zh_4.4.0.v20140623020002.jar.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.exe.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_zh_4.4.0.v20140623020002.jar.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_settings.png.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\en-US\Solitaire.exe.mui.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmirror_plugin.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Resources.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mouseover.png.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Resources.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\jamendo.luac.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuvp_plugin.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent.ini.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\picturePuzzle.html.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-queries.xml.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiler.jar.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\keytool.exe.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Funafuti.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Selectors.Resources.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_autodel_plugin.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jaas_nt.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationCore.resources.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\SplitEnable.mid.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_snow.png.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\de-DE\MpEvMsg.dll.mui.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-disable.png.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Monaco.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\liboldmovie_plugin.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_ja.jar.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
74KB

MD5
b2095689fe10f1fae852c221e2aed7fe

SHA1
369cab53c7b16db66cdd3426d695015fcfd2e94c

SHA256
daf8c4ca61033f1a320bb593b8a7ef8aaca1d8ddcba0507a2b4a3534b14a50d5

SHA512
838c1996d4cf5b34e92731d21b38445dd7b9f4445f2a47c687e1dedabf3f86f6ed2b48b3753309e3f63c66a75050d759e9c717dfdd6d5f18ed88e77b1fae0b2c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
83KB

MD5
ea5f9d612fc3b8b74da0bc0bdedf97b4

SHA1
de8612d8ab7666a4948b56347740b92e4d415c65

SHA256
99a48eaa5dd560cdf88da704dc5e081f3df99b93072e059741e078a5aafbdcfa

SHA512
09ac3847d85b9a7e076517081ef75fd6a404a193f49b3cbd618b59cd1fcb9e17f4dfc0e26fdb7288a86a4bcb17ff179539a4f660859ee4f657902058bf1f34fb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads