6de66123526537abeaa6a8a7760152e982455e0368a4b4e4d8b15ab370610777

General

Target

681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
Size

93KB
MD5

681c4d0dbf9d7f3df5bb7404ea331fe0
SHA1

ee48ebb7b86d6756f50846d26b140ed0ad5f8863
SHA256

6de66123526537abeaa6a8a7760152e982455e0368a4b4e4d8b15ab370610777
SHA512

a1719a351281d7e047ff8987f85e3b3f2db896a74e7d6dbe9c29259a17fc50cd738fb7f439998473a895000736b7b78484313faf9ec66c52e7e3bf7f064cedaa
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNe0A0+:6rWpcOPxPke+e3fFpsJOfFpsJbgEU0AB

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3442) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.xml.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_ja.jar.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\33.png.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fakaofo.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\vlc.mo.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Dotted_Line.jtp.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\main_background.png.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\picturePuzzle.js.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\DirectDB.dll.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jni.h.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\mpvis.DLL.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tirane.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\gadget.xml.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Speech.resources.dll.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.metadataprovider.exsd.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\Custom.propdesc.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_snow.png.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-keymap.xml.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vincennes.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\gadget.xml.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass_lrg.png.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_partstyle.css.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.dll.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\picturePuzzle.css.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rarrow.gif.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\or\LC_MESSAGES\vlc.mo.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.contenttype_3.4.200.v20140207-1251.jar.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\js\cpu.js.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\libvlc.dll.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\01_googleimage.luac.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\css\currency.css.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jdwp.dll.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationProvider.resources.dll.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp	681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\681c4d0dbf9d7f3df5bb7404ea331fe0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2368

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp
Filesize
93KB

MD5
7bb2a245c1797a6fbac76b40934c4120

SHA1
365bc297dd02a9fdb66ce3bd7668a117c103b4b0

SHA256
b17faea3b93b0b8eee6818986b2f93da79100160d2938a5259121b5e2ef19e62

SHA512
623eb11a0f77b481bd491cde51d943e708911a2fda4d6a4bd7edb0431a0b8c79097eb26939f4d64295eb08a7629b7f90415e5bfc57d59bf4c253ff4ac21d256c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
102KB

MD5
8f2dea6b76100658604dd1d96fbf246a

SHA1
86ea5b05358a7c78129885cf000fec3fa8af4c33

SHA256
39769ed2d9d92c419850fcfebb1f1f039060777d74f2b2a5765bbc02516d11fc

SHA512
26f96a07803a62d642ee799264c7d3d42e73a89499e9b3398d5fa5f6224ba5aa625423aa6d35825f3843e15a89265123024735524e9147810aebed62e228d7e7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads