a502f4d4daf1f8a5622842445e66904896aaa3d9a632a099ab0553211a5617ee

General

Target

71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
Size

73KB
MD5

71fa0d00fdce547e738bf45e1e5b1e70
SHA1

e6440866cf7de4f83a923d3cccbd203fcc3a0492
SHA256

a502f4d4daf1f8a5622842445e66904896aaa3d9a632a099ab0553211a5617ee
SHA512

929c093aa5ab37171c4b4acc8897c44533705fbb72f3ebf51613965b8036664a636284b48d418e9e0d84292c102f8df4720f26c9526a32b91e154cbbdc473cda
SSDEEP

768:W7Blp9pARFbhQSox/6Sox/ME4JAIAepE4JAIAeuDlmlQPc3f6Pc3f5TGotuMOiJw:W7Z9pApQESOHepOHe8G+6E65TGA3v4

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3518) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Manila.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kabul.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuvp_plugin.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.xml.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-views.xml.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\New_Skins.url.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\RSSFeeds.js.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\WET.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\access-bridge-64.jar.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.RunTime.Serialization.Resources.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-api-caching.xml.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmft_plugin.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\java_crw_demo.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\blacklist.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Monaco.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsBase.resources.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\skins\skin.catalog.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Ushuaia.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Macquarie.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_top.png.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\logsession.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\eula.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.png.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\css\currency.css.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\settings.css.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libexport_plugin.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_duplicate_plugin.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnssui.dll.mui.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\settings.css.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\Common.fxh.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Panama.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-heapdump.jar.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\en-US\Hearts.exe.mui.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\ZoneInfoMappings.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d9\libdirect3d9_filters_plugin.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\it-IT\MpEvMsg.dll.mui.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_docked.png.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayenne.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
73KB

MD5
9018a05b01daf769e2965c007b3c4f0f

SHA1
d0144f8dcd75541e6aa5e3d20ee678134e335d66

SHA256
9d0a09617430d94b4246038b3e282230f8449125f50dab544fb1191beabd6263

SHA512
0f7d2d995ae06d07f595c5220e18bc95e9fd5f891916beec8f9e6e4e1aec7df68469748271ac20acdf801d093a23aa081d0da8b3dd3f0aae0009330f32d6a0f4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
82KB

MD5
d5126df67797b6f611f6899004e595ea

SHA1
6eddc7078be79b27a5b95fa8fcd4f21e8374d8d6

SHA256
b0366ae0c0af3528a444e084cdbf77260368fc549c3727ccd4e3da00db2eece7

SHA512
dade3e056877014670e34fb261c1a929f7c9e340d3ab98f12de6d3b845e2f6cf531702ec2aadcd60521c9a484ac352ca34a8c2911e68ff5e259200be03adf640

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads