d9446157ba3061e9ac84bec80af18e90c3712e6f1cfa7a7487482aef7fe09797

General

Target

68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
Size

129KB
MD5

68cc240d066d926b969094d49b9f97c0
SHA1

cb3870f2e3564705ba4b50c66b65d4c4c2a71893
SHA256

d9446157ba3061e9ac84bec80af18e90c3712e6f1cfa7a7487482aef7fe09797
SHA512

94d16cfecde162905f20b44f79b974956218b682d8ade1af8edc17f7787c848f998e0d1a90bab351282e8730e07017441848ac8d2a341c405c2795b284feaffb
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXBvjfMfvjfMMfQsblBOe:/7ZQpApUsKiXBvzwvzXJvlwJvlw

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3436) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\ConfirmJoin.docx.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64_3.103.1.v20140903-1947.jar.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MAPISHELLR.DLL.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext.png.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Resolute.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Speech.resources.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\vlc.mo.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmpnetwk.exe.mui.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Juneau.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Berlin.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\epl-v10.html.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\updater.jar.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-modules-profiler_visualvm.jar.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\ShvlRes.dll.mui.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatialaudio_plugin.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_ja_4.4.0.v20140623020002.jar.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\vlc.mo.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\http.luac.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_ja_4.4.0.v20140623020002.jar.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\InkSeg.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.io_8.1.14.v20131031.jar.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\core.jar.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Manaus.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmlaunch.exe.mui.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Sofia.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libadjust_plugin.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libwall_plugin.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MsMpLics.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaribsub_plugin.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench_3.106.1.v20140827-1737.jar.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia_Banderas.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\avtransport.xml.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
129KB

MD5
9698c5343a9884b6516a646cd1b9508f

SHA1
b8fd60c75ac93358c3ee0f6f5bfe73ab24ed43cb

SHA256
b9918e19b22a1feed70ce7d8cadc3efc251a53c28762da890227efff5541eb83

SHA512
63430d7810f4aa71075bfc6ab01b8e4cd429ea93cd39c132e6f228ab27698b65fe04858183d15ea557381699568967c6108152d25db1fc8f68fe319f2f8262fd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
138KB

MD5
9eff498fa3bde215ff685aaf2b136344

SHA1
bf6de9f734d99ef2c560fa585d3e7b22d293315f

SHA256
445eacc74d7eb399c762aeec477a47353de332949223dac5cdd66db009cae173

SHA512
296492c909555d867cf98ecbdd470b33f8f771beaa9fc899f9ba2f2a464eb0f78c3051c7d3ba23776bd819cb33b9f9bcaa09fd72be13a39d1dd6670853468ac3

Download Submit
memory/2380-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2380-650-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads