b310d326ace79d827c1a1399c3e5f5d0841467417a12843d3102a32b49e35e31

General

Target

79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
Size

51KB
MD5

79577309e33797f38085269b2fc00bd0
SHA1

fbc150475bd06fda587c9b6a75abec3363bd8af5
SHA256

b310d326ace79d827c1a1399c3e5f5d0841467417a12843d3102a32b49e35e31
SHA512

5c8bab1f92ebc98e58b720dd9c78c89539d27be3d815ef88a6106ce86b59a4a60990dc20e070c6aeecbb4616ab904fede7f86764f06fa2374b3d3c8008dc89bc
SSDEEP

768:W7BlpNLpARFbhnlkYlkE/QhnKhnFqqgf2qqgfN:W7ZNLpApuZlZKZgfffN

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3740) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-io-ui.xml.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\management-agent.jar.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgzm.exe.mui.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\Real.mpp.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist_jstree.xml.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Gaza.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_file_plugin.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvSOFT.x3d.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\nssckbi.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\vlc.mo.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\ImagingDevices.exe.mui.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\21.png.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.zh_CN_5.5.0.165303.jar.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-oql.xml.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ho_Chi_Minh.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviewers.gif.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-outline.xml.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\mozglue.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libdeinterlace_plugin.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\gadget.xml.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\1.png.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_zh_CN.jar.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Miquelon.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.xml.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\clock.css.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\it-IT\PDIALOG.exe.mui.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\RSSFeeds.html.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Madrid.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Belgrade.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckg.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\ReachFramework.resources.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_hov.png.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\12.png.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Linq.Resources.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\vlc.mo.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspeex_resampler_plugin.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libimage_plugin.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Spelling.api.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy.jar.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2952

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp
Filesize
51KB

MD5
019dd96451d31bda37609dc2e21f588e

SHA1
ced79dd630e7c07f596cd884706e18e419533ff4

SHA256
9bb3c10a4cab7fc7309237853d2d7328c4f00e87f78f7132062f458ca26de4db

SHA512
3deba85568fe78e02890fe0785c7c7955692a9dfb5a030864740ccbf5b547bac6446f757137ac0330a7b26ebf2c40cfb9088e7251f40a01b7e0bac62b78d5837

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
60KB

MD5
502c040babf7988cab409f0307e2f517

SHA1
e21ca4611e845c23d926f95110d82dd54191f346

SHA256
1cbf625b018a50460adc6775967ac9b3c16cfd0ee44f3f8eb1d21d0f151f89d5

SHA512
27911104e0d65d2ca038f98680cafcb7b929ddde17c3452b8ada2e96df9360e1d2134b0d93140bc6489b3ff997f7140a2047ef11a320993bc2838862413aaa32

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads