1d8a19605c49ff300899e7f691d70299f28ce0de1cdf5d0a897751ed636835ad

General

Target

6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
Size

98KB
MD5

6b4125012feaff1a182332b81b8ad680
SHA1

de9867e233523ef55fd949f4386662cf7543c6e2
SHA256

1d8a19605c49ff300899e7f691d70299f28ce0de1cdf5d0a897751ed636835ad
SHA512

32072504d52fdd4d53ff3922aeb6d2432265c58bc48c7babda5118f73c16ccc8b373ab5af98eaa576f4396101e8951500d904f36362be8d4c8f3e4cfdc391873
SSDEEP

3072:6rWpcOPxPke+e3fFpsJOfFpsJbgEbThyg:tFPxPke+eIZyg

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3446) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_ja.jar.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-heapdump.jar.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Stockholm.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Design.Resources.dll.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\es-ES\FreeCell.exe.mui.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClientsideProviders.resources.dll.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\ConvertToWatch.dwg.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_ja_4.4.0.v20140623020002.jar.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_left.png.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libstl_plugin.dll.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\settings.css.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libts_plugin.dll.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.jpg.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_left.png.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Empty.png.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-lib-uihandler.xml_hidden.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\vlc.mo.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libscte27_plugin.dll.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\drag.png.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\sbdrop.dll.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\css\calendar.css.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\settings.html.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\dnsns.jar.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.css.sac_1.3.1.v200903091627.jar.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-options.xml_hidden.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\settings.html.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-outline.xml.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_pt_BR.properties.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClient.resources.dll.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs-nio2.xml.tmp	6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6b4125012feaff1a182332b81b8ad680_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
98KB

MD5
fba29abc69268cb8e811dd669d01dc9d

SHA1
e23c0892d498d0717c7f0d1961e1522851ef8370

SHA256
7d1b00eec13fea6b9a7146a42c748b0b40a502eacb372b46ae34197152284094

SHA512
85169444dfb7511582146d3c46e61aeaa89c4b0d6800c6173085e17368ef511dd37c6758f142eed9eb545c1c4318e16c4ec0749f7a2dccc31709b959c2695a87

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
107KB

MD5
773333a7af7d852d0956ab3591e00e9a

SHA1
fe1cb691f4bbb329d0d46be80586f564ca8039e9

SHA256
e907ff6f607fec27bb16d1691d75735cf145eaea3468758d6606e93b31c40ce6

SHA512
b9b4a13d007f5777d1830b1f4717af35e919d0524d50439a6d14e59ba1778328b450da53387ec4c0505d122be97b5482da435854b04d2672ef2874e896bc4788

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads