884947e49ec90cbb68e6f130dbc7c66db080f5ba735e077c758c6a21c8344601

General

Target

6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
Size

71KB
MD5

6565613aa990abeb5df6c5c83591a100
SHA1

3ce8225de79c0682481eaed36759564c6c031433
SHA256

884947e49ec90cbb68e6f130dbc7c66db080f5ba735e077c758c6a21c8344601
SHA512

a2b389521d1c239058b53e816b67a8df2bc1cc8be9cb76a3b1f6b535f33101c49bf16a1a95f260001d1dc27d24a051d0222c4916d72cfa54297cda69cfaee886
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E6DGsTdc6e6kvNDck7Tdc6e6kvNDckkvVv/U9:69WpQEoTdc6e6kvNDck7Tdc6e6kvNDca

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3483) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jre7\lib\zi\America\Barbados.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_pressed.png.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\rtstreamsink.ax.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_zh_4.4.0.v20140623020002.jar.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiling.xml.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\logo.png.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\settings.css.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_zh_CN.jar.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Palau.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_window.html.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\skins\default.vlt.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Madrid.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench_3.106.1.v20140827-1737.jar.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\5.png.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\vlc.mo.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\css\settings.css.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Magadan.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\fieldswitch.ax.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cambridge_Bay.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui_5.5.0.165303.jar.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_play.png.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\weather.css.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_bottom.png.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kabul.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kwajalein.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libtransform_plugin.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_m.png.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Asuncion.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\Accessible.tlb.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Design.Resources.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libnormvol_plugin.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\Timeline_is.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libntservice_plugin.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnscfg.exe.mui.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2764

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp
Filesize
71KB

MD5
2e19fd737ff439f3d04219a657017311

SHA1
39703f4219f5630c8e4e6c2af330ef1e826dc456

SHA256
9d8c285e6ba5b00a6546c0cf67fde694446acd67bc82b9b6125e74d3dc394dc9

SHA512
9050a75fee04fc958e5812990ea11af5fceaed5e3f452812da07a9a32e3b4c1edb16af47b7f2cb802d4ab04d450c98e40775937f0d1abc42ca92111c2691a63d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
80KB

MD5
3a350190cc0174e7070f27b776aa6fe5

SHA1
5df1173fce49535d8a8d14a73effb6b67369909f

SHA256
a933754b2aacb13651c6275c3985f2f965955d72151786eab27a558ef63feb6c

SHA512
16e68c65aa97bf90c4b541ae209820914b561c2d8b115d31ae62a98338f8f449c40d7fc0bb0ee86918cb61f15252fadcc00642503d3b56a65c005856a4d28307

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads