808adfb7de7ff6021e65ee69e1684a429d53ff97a5a67b0d543e847b18887ba0

General

Target

6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
Size

98KB
MD5

6433074b1bbe9337e2523d8e3a3afe40
SHA1

55424c2ab7aa17ff4e20fdf7501d118680f5124d
SHA256

808adfb7de7ff6021e65ee69e1684a429d53ff97a5a67b0d543e847b18887ba0
SHA512

a1cb24532653f7a7c5bd531fc9b8a135afc7a0abe9ccb171b6e14143e0a009c410c816044862225599ae7a631da6ed32df7c5b66ac82a3ddda775494054bb7be
SSDEEP

3072:6rWpcOPxPke+e3fFpsJOfFpsJbgEbThymcJ:tFPxPke+eIZyR

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3478) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libchain_plugin.dll.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradient_plugin.dll.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libglwin32_plugin.dll.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\localizedStrings.js.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPOlive.png.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libstats_plugin.dll.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\redStateIcon.png.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\javaw.exe.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPSideShowGadget.exe.mui.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_zh_CN.jar.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Palau.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_read_plugin.dll.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-ui.xml.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_ja.jar.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookicon.gif.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.exe.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_zh_4.4.0.v20140623020002.jar.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Maputo.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\timeZones.js.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\VisioCustom.propdesc.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\StopExit.vb.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\skins\fonts\FreeSans.ttf.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\eclipse.inf.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs.xml.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Xml.Linq.Resources.dll.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmpnetwk.exe.mui.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_dot.png.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked-loading.png.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6433074b1bbe9337e2523d8e3a3afe40_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1576

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp
Filesize
98KB

MD5
cd0f16524c76e5acf4e9f5357678dc83

SHA1
604059a31aaab5d255dabe721037b6180bbc72de

SHA256
4e2ab93e70bc6fc1d754660489de1a769932d619576bfc9bd3c233ead2365082

SHA512
a4c9a946b6fc40e00afc763f8f36f2176c1fb27a18ff76649e1c345990d24facea79c4d3824c9ab60dec3b73164c3dd58d6dc129d23ea7e9ee9d4f3042d632dc

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
107KB

MD5
0a5451669bdd7bb3aceb8bc32e393e9f

SHA1
afd24f62e1e3067ab8ded992d1504e2368bef108

SHA256
7d61b54d61bc7f2cb5c6ab4da3bcede1c5e5cc3b3e59b0921de51b31199788af

SHA512
935814925c1b1526e4c1a34279bc7538a10a4835463411a8592b15e9f9873fddec5c5ca890369254f191cafe3dc180e4289899dc6386477e9c33650880036c20

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads