d3964d14e13887c283be8d30647174f2fe753a7b5ce8425ee137457d091fc537

General

Target

6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
Size

84KB
MD5

6caabd357fbe414dbb3776941bc6eb00
SHA1

d8ba7de2a8129626f8cef409aed4f2f1326746bb
SHA256

d3964d14e13887c283be8d30647174f2fe753a7b5ce8425ee137457d091fc537
SHA512

9e987dafbd56e569014cad21941a927a51a177621e75fd014dfb3b80c4803d9c544781b8a6221d1ce16868de75ba7131623308119f7a0ab71a2aca7dc9d83326
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhk:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsh

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3491) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\mlib_image.dll.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nipigon.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libnfs_plugin.dll.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.xml.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_settings.png.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_ja_4.4.0.v20140623020002.jar.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\soundcloud.luac.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_hevc_plugin.dll.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\init.js.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mouseout.png.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\clock.js.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookicon.gif.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\en-US\FreeCell.exe.mui.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\de-DE\MsMpRes.dll.mui.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\wmpenc.exe.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_orange.png.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt_0.11.101.v20140818-1343.jar.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\default_thumb.jpg.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvobsub_plugin.dll.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Brisbane.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-loaders.jar.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextService.dll.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-private-l1-1-0.dll.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-disable.png.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\CompleteInitialize.ttc.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_zh_4.4.0.v20140623020002.jar.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Samara.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8PDT.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\LockSplit.pps.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\en-US\PurblePlace.exe.mui.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\connectionmanager_dmr.xml.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\42.png.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous_partly-cloudy.png.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\ChkrRes.dll.mui.tmp	6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6caabd357fbe414dbb3776941bc6eb00_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2232

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp
Filesize
84KB

MD5
c2a56ad19db6ca84b24b317a464844be

SHA1
bf83e6f192ba3960b9836269b49953ec388f3267

SHA256
88e17f349964b335bd4675a89e067edeadf9a967ac259474da34849afd0a1c66

SHA512
46bd500381b3a31c29d4cf758f933c2dace42a637c37c185b5f66116bcf78de6850001ba9adbfee9a3012a2cf553188af133d1b117a3772e8ace29059b95941c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
93KB

MD5
eb4510a14d0ec37454ee5deb028964a9

SHA1
2a1c496b72277bd255d8e1927e2155e92073726a

SHA256
0fc7401abc9abce9b647a8849d0337d933523b6e4fe277882179fb9c424099ea

SHA512
10a4fd035dd3f70f1e5e78fd369a4d93c72ec44959acac2262da30ca6dca2cafca204e10aceedc8ddf6883ac19f778cd5de98fa067bfc42c50a99b2ff82a1be9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads